diff --git a/.make/dependencies/npm/restoreFolderBrowsingProtection.php b/.make/dependencies/npm/restoreFolderBrowsingProtection.php new file mode 100644 index 000000000..6aceaa29f --- /dev/null +++ b/.make/dependencies/npm/restoreFolderBrowsingProtection.php @@ -0,0 +1,51 @@ + + * + */ + +/** + * Ensure that the files for folder browsing protection (.htaccess, web.config) are kept after an "npm install/update" command + */ + +$iTopFolder = __DIR__."/../../../"; + +require_once("$iTopFolder/approot.inc.php"); + +$sDependenciesRootFolderAbsPath = APPROOT . "node_modules/"; +$aFilesToCheck = [ + ".htaccess", + "web.config", +]; + +echo "This command aims at ensuring that folder browsing protection files (.htaccess, web.config) are present in the dependencies folder even after an install/upgrade command\n"; +echo "Checking files:\n"; + +foreach($aFilesToCheck as $sFileToCheck) { + if (file_exists($sDependenciesRootFolderAbsPath . $sFileToCheck)) { + echo "✔️ $sFileToCheck is present\n"; + continue; + } + + // If missing, copy the one from /lib as it contains the necessary allow/deny directives for third-parties + copy(APPROOT . "lib/$sFileToCheck", $sDependenciesRootFolderAbsPath . $sFileToCheck); + echo "✔️ $sFileToCheck was missing and has been re-created\n"; +} + +// Ensure separation with following scripts +echo "\n"; \ No newline at end of file diff --git a/.make/dependencies/rmUnnecessaryFolders.php b/.make/dependencies/rmUnnecessaryFolders.php index b223c8ab4..48ac33741 100644 --- a/.make/dependencies/rmUnnecessaryFolders.php +++ b/.make/dependencies/rmUnnecessaryFolders.php @@ -71,10 +71,10 @@ foreach ($aDeniedButStillPresent as $sDir) try { SetupUtils::rrmdir($sDir); - echo "OK Remove denied test dir: '$sDir'\n"; + echo "✔️ Remove denied test dir: '$sDir'\n"; } catch (\Exception $e) { - echo "\nFAILED to remove denied test dir: '$sDir'\n"; + echo "\n❌ FAILED to remove denied test dir: '$sDir'\n"; } } 
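Review bot: The `copy()` call in the missing-file branch of the foreach loop discards its return value, so when the source in `lib/` is unreadable or `node_modules/` is not writable the script still prints "✔️ … has been re-created" and exits 0, leaving the dependencies folder browsable while the install log claims it is protected. Check the result, report the failure with the same ❌ prefix the sibling rmUnnecessaryFolders.php now uses, and exit non-zero at the end so an `npm install` does not succeed silently without the protection files; the rewritten loop body and the final exit are below. Note also that `file_exists` only proves presence, not that the file still carries the allow/deny directives from `lib/`, so a stale or replaced file passes this check; comparing the content with the lib copy would catch that, but it can be a follow-up. The header, APPROOT setup and file list above the loop are unchanged.
```php
$bHasError = false;
foreach($aFilesToCheck as $sFileToCheck) {
	// … unchanged: presence check and "is present" echo …

	// If missing, copy the one from /lib as it contains the necessary allow/deny directives for third-parties
	$sSourceFileAbsPath = APPROOT . "lib/$sFileToCheck";
	if (false === copy($sSourceFileAbsPath, $sDependenciesRootFolderAbsPath . $sFileToCheck)) {
		echo "❌ $sFileToCheck was missing and could NOT be re-created from $sSourceFileAbsPath\n";
		$bHasError = true;
	} else {
		echo "✔️ $sFileToCheck was missing and has been re-created\n";
	}
}

// Ensure separation with following scripts
echo "\n";
// Non-zero exit so the npm hook (and any CI running it) surfaces a missing protection file
exit($bHasError ? 1 : 0);
```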
@@ -89,4 +89,7 @@ if (false === empty($aMissing)) { echo "Some new tests dirs exists !\n" .' They must be declared either in the allowed or denied list in '.$sDependenciesHandlerFQCN." (see N°2651).\n" .' List of dirs:'."\n".var_export($aMissing, true)."\n"; -} \ No newline at end of file +} + +// Ensure separation with following scripts +echo "\n"; diff --git a/node_modules/.htaccess b/node_modules/.htaccess index af1631e4f..1e558f452 100644 --- a/node_modules/.htaccess +++ b/node_modules/.htaccess @@ -1,8 +1,11 @@ +# Allow only static resources files +# - HTML not allowed as there could be some test pages calling server scripts or executing JS scripts +# - PHP not allowed as they should not be publicly accessible # Apache 2.4 Require all denied - + Require all granted @@ -11,7 +14,7 @@ Require all denied deny from all Satisfy All - + Order Allow,Deny Allow from all diff --git a/node_modules/web.config b/node_modules/web.config index 9667892e3..88956be1b 100644 --- a/node_modules/web.config +++ b/node_modules/web.config @@ -1,4 +1,7 @@ + + + @@ -15,15 +18,11 @@ - + - - - - diff --git a/package.json b/package.json index 9f60a79c8..30d01c6f6 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "toastify-js": "^1.12.0" }, "scripts": { - "postinstall": "php .make/dependencies/rmUnnecessaryFolders.php --manager npm", - "postupdate": "php .make/dependencies/rmUnnecessaryFolders.php --manager npm" + "postinstall": "php .make/dependencies/rmUnnecessaryFolders.php --manager npm && php .make/dependencies/npm/restoreFolderBrowsingProtection.php", + "postupdate": "php .make/dependencies/rmUnnecessaryFolders.php --manager npm && php .make/dependencies/npm/restoreFolderBrowsingProtection.php" } }
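Review bot: The `&&` chain in both the postinstall and postupdate scripts means restoreFolderBrowsingProtection.php only runs when rmUnnecessaryFolders.php exits 0, so any failure in the cleanup step (an uncaught error, a missing approot) leaves `node_modules/` without its `.htaccess`/`web.config` — the step that matters most for exposure is the one that gets skipped. From the visible -71 hunk the cleanup script catches and echoes exceptions, so in practice it presumably exits 0, but the hook should not depend on that. Consider running the restore script unconditionally, e.g. `"postinstall": "php .make/dependencies/rmUnnecessaryFolders.php --manager npm; php .make/dependencies/npm/restoreFolderBrowsingProtection.php"` where the hook runs under a POSIX shell, or otherwise ensure the cleanup script's own partial failures never abort the chain; the same applies to the postupdate line.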