diff --git a/lib/.htaccess b/lib/.htaccess
index 782472c78..1e558f452 100644
--- a/lib/.htaccess
+++ b/lib/.htaccess
@@ -1,12 +1,23 @@
+# Allow only static resources files
+# - HTML not allowed as there could be some test pages calling server scripts or executing JS scripts
+# - PHP not allowed as they should not be publicly accessible
+
 # Apache 2.4
 <ifModule mod_authz_core.c>
 Require all denied
+	<FilesMatch ".+\.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot1)$">
+	    Require all granted
+	</FilesMatch>
 </ifModule>
 
 # Apache 2.2
 <ifModule !mod_authz_core.c>
 deny from all
 Satisfy All
+	<FilesMatch ".+\.(css|scss|js|map|png|bmp|gif|jpe?g|svg|tiff|woff2?|ttf|eot)$">
+	    Order Allow,Deny
+	    Allow from all
+	</FilesMatch>
 </ifModule>
 
 # Apache 2.2 and 2.4
diff --git a/lib/web.config b/lib/web.config
index 58c9c3ac3..88956be1b 100644
--- a/lib/web.config
+++ b/lib/web.config
@@ -1,13 +1,30 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8" ?>
+<!-- Allow only static resources files -->
+<!-- - HTML not allowed as there could be some test pages calling server scripts or executing JS scripts -->
+<!-- - PHP not allowed as they should not be publicly accessible -->
 <configuration>
   <system.webServer>
-    <security>
-      <requestFiltering>
-         <fileExtensions applyToWebDAV="false" allowUnlisted="false"></fileExtensions>
-      </requestFiltering>
-      <authorization>
-        <deny users="*" /> <!-- Denies all users -->
-      </authorization>
-    </security>
+      <security>
+         <requestFiltering>
+            <fileExtensions applyToWebDAV="false" allowUnlisted="false" >
+               <add fileExtension=".css" allowed="true" />
+               <add fileExtension=".scss" allowed="true" />
+               <add fileExtension=".js" allowed="true" />
+               <add fileExtension=".map" allowed="true" />
+               <add fileExtension=".png" allowed="true" />
+               <add fileExtension=".bmp" allowed="true" />
+               <add fileExtension=".gif" allowed="true" />
+               <add fileExtension=".jpeg" allowed="true" />
+               <add fileExtension=".jpg" allowed="true" />
+               <add fileExtension=".svg" allowed="true" />
+               <add fileExtension=".tiff" allowed="true" />
+
+               <add fileExtension=".woff" allowed="true" />
+               <add fileExtension=".woff2" allowed="true" />
+               <add fileExtension=".ttf" allowed="true" />
+               <add fileExtension=".eot" allowed="true" />
+            </fileExtensions>
+         </requestFiltering>
+      </security>
   </system.webServer>
-</configuration>
\ No newline at end of file
+</configuration>