diff --git a/src/main/scala/com/campudus/tableaux/Starter.scala b/src/main/scala/com/campudus/tableaux/Starter.scala
index 3266491c..08e2dc58 100644
--- a/src/main/scala/com/campudus/tableaux/Starter.scala
+++ b/src/main/scala/com/campudus/tableaux/Starter.scala
@@ -24,6 +24,7 @@ object Starter {
   val DEFAULT_WORKING_DIRECTORY = "./"
   val DEFAULT_UPLOADS_DIRECTORY = "uploads/"
   val DEFAULT_ROLE_PERMISSIONS_PATH = "./role-permissions.json"
+  val DEFAULT_IS_PUBLIC_FILE_SERVER = false
 }
 
 class Starter extends ScalaVerticle with LazyLogging {
@@ -54,6 +55,7 @@ class Starter extends ScalaVerticle with LazyLogging {
       val authConfig = config.getJsonObject("auth", Json.obj())
       val rolePermissionsPath = getStringDefault(config, "rolePermissionsPath", Starter.DEFAULT_ROLE_PERMISSIONS_PATH)
       val openApiUrl = Option(getStringDefault(config, "openApiUrl", null))
+      val isPublicFileServer = config.getBoolean("isPublicFileServer", Starter.DEFAULT_IS_PUBLIC_FILE_SERVER)
 
       val rolePermissions = FileUtils(vertxAccessContainer()).readJsonFile(rolePermissionsPath, Json.emptyObj())
 
@@ -64,7 +66,8 @@ class Starter extends ScalaVerticle with LazyLogging {
         workingDirectory = workingDirectory,
         uploadsDirectory = uploadsDirectory,
         rolePermissions = rolePermissions,
-        openApiUrl = openApiUrl
+        openApiUrl = openApiUrl,
+        isPublicFileServer = isPublicFileServer
       )
 
       connection = SQLConnection(vertxAccessContainer(), databaseConfig)
diff --git a/src/main/scala/com/campudus/tableaux/TableauxConfig.scala b/src/main/scala/com/campudus/tableaux/TableauxConfig.scala
index 9603ac70..6072d06b 100644
--- a/src/main/scala/com/campudus/tableaux/TableauxConfig.scala
+++ b/src/main/scala/com/campudus/tableaux/TableauxConfig.scala
@@ -14,7 +14,8 @@ class TableauxConfig(
     workingDirectory: String,
     uploadsDirectory: String,
     val rolePermissions: JsonObject,
-    val openApiUrl: Option[String] = None
+    val openApiUrl: Option[String] = None,
+    val isPublicFileServer: Boolean = false
 ) extends VertxAccess {
 
   def uploadsDirectoryPath(): Path = {
diff --git a/src/main/scala/com/campudus/tableaux/router/MediaRouter.scala b/src/main/scala/com/campudus/tableaux/router/MediaRouter.scala
index 71b5505a..82df4dca 100644
--- a/src/main/scala/com/campudus/tableaux/router/MediaRouter.scala
+++ b/src/main/scala/com/campudus/tableaux/router/MediaRouter.scala
@@ -51,7 +51,9 @@ class MediaRouter(override val config: TableauxConfig, val controller: MediaCont
     router.get(folders).handler(retrieveRootFolder)
     router.getWithRegex(folder).handler(retrieveFolder)
     router.getWithRegex(file).handler(retrieveFile)
-    router.getWithRegex(fileLangStatic).handler(serveFile)
+    if (!config.isPublicFileServer) {
+      router.getWithRegex(fileLangStatic).handler(serveFile)
+    }
 
     router.deleteWithRegex(folder).handler(deleteFolder)
     router.deleteWithRegex(file).handler(deleteFile)
@@ -78,6 +80,16 @@ class MediaRouter(override val config: TableauxConfig, val controller: MediaCont
     router
   }
 
+  def publicRoute: Router = {
+    val router = Router.router(vertx)
+
+    // RETRIEVE
+    if (config.isPublicFileServer) {
+      router.getWithRegex(fileLangStatic).handler(serveFile)
+    }
+    router
+  }
+
   private def getFolderId(context: RoutingContext): Option[Long] = {
     implicit val user = TableauxUser(context)
     getLongParam("folderId", context)
diff --git a/src/main/scala/com/campudus/tableaux/router/RouterRegistry.scala b/src/main/scala/com/campudus/tableaux/router/RouterRegistry.scala
index f2c0b2bc..a6f245a2 100644
--- a/src/main/scala/com/campudus/tableaux/router/RouterRegistry.scala
+++ b/src/main/scala/com/campudus/tableaux/router/RouterRegistry.scala
@@ -66,6 +66,11 @@ object RouterRegistry extends LazyLogging {
       router.route().handler(systemRouter.noRouteMatched)
     }
 
+    def registerPublicRoutes(router: Router) = {
+      logger.info("Registering public routes")
+      router.mountSubRouter("/", mediaRouter.publicRoute)
+    }
+
     def initManualAuth() = {
       val keycloakAuthProvider = KeycloakAuth.create(vertx, tableauxConfig.authConfig)
       val keycloakAuthHandler = OAuth2AuthHandler.create(keycloakAuthProvider)
@@ -89,6 +94,8 @@ object RouterRegistry extends LazyLogging {
         clientOptions,
         handler => {
           if (handler.succeeded()) {
+            registerPublicRoutes(mainRouter)
+
             val keycloakAuthProvider = handler.result()
             val keycloakAuthHandler = OAuth2AuthHandler.create(keycloakAuthProvider)
             mainRouter.route().handler(keycloakAuthHandler)
@@ -122,6 +129,7 @@ object RouterRegistry extends LazyLogging {
         "Started WITHOUT access token verification. The API is completely publicly available and NOT secured! " +
           "This is for development and/or testing purposes ONLY."
       )
+      registerPublicRoutes(mainRouter)
       registerCommonRoutes(mainRouter)
     }