diff --git a/server/plugin/plg_handler_site/index.go b/server/plugin/plg_handler_site/index.go
new file mode 100644
index 00000000..e5b5f8ea
--- /dev/null
+++ b/server/plugin/plg_handler_site/index.go
@@ -0,0 +1,58 @@
+package plg_handler_site
+
+import (
+	"io"
+	"net/http"
+	"strings"
+
+	. "github.com/mickael-kerjean/filestash/server/common"
+	"github.com/mickael-kerjean/filestash/server/ctrl"
+	. "github.com/mickael-kerjean/filestash/server/middleware"
+	"github.com/mickael-kerjean/filestash/server/model"
+
+	"github.com/gorilla/mux"
+)
+
+func init() {
+	Hooks.Register.HttpEndpoint(func(r *mux.Router, app *App) error {
+		r.PathPrefix("/public/{share}/").HandlerFunc(NewMiddlewareChain(
+			publicHandler,
+			[]Middleware{SessionStart, SecureHeaders},
+			*app,
+		)).Methods("GET", "HEAD")
+		return nil
+	})
+}
+
+func publicHandler(app *App, w http.ResponseWriter, r *http.Request) {
+	if app.Backend == nil {
+		SendErrorResult(w, ErrNotFound)
+		return
+	} else if model.CanRead(app) == false {
+		SendErrorResult(w, ErrPermissionDenied)
+		return
+	}
+	path := strings.TrimPrefix(r.URL.Path, "/public/"+app.Share.Id)
+	if strings.HasSuffix(path, "/") {
+		path += "index.html"
+	}
+	path, err := ctrl.PathBuilder(app, path)
+	if err != nil {
+		SendErrorResult(w, err)
+		return
+	}
+	for _, auth := range Hooks.Get.AuthorisationMiddleware() {
+		if err = auth.Cat(app, path); err != nil {
+			SendErrorResult(w, ErrNotAuthorized)
+			return
+		}
+	}
+	f, err := app.Backend.Cat(path)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	w.Header().Set("Content-Type", GetMimeType(path))
+	io.Copy(w, f)
+	f.Close()
+}