diff --git a/node/server.js b/node/server.js
index 8795273f..080d4c1a 100644
--- a/node/server.js
+++ b/node/server.js
@@ -90,8 +90,7 @@ async.waterfall([
   {
     //create server
     var app = express.createServer();
-
-    hooks.callAll("expressServer", {"app": app});
+    hooks.callAll("expressCreateServer", {"app": app});
 
     app.use(function (req, res, next) {
       res.header("Server", serverName);
@@ -111,17 +110,7 @@ async.waterfall([
     
     //install logging      
     var httpLogger = log4js.getLogger("http");
-    app.configure(function() 
-    {
-      // Activate http basic auth if it has been defined in settings.json
-      if(settings.httpAuth != null) app.use(basic_auth);
-
-      // If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
-      // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway.
-      if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR"))
-        app.use(log4js.connectLogger(httpLogger, { level: log4js.levels.INFO, format: ':status, :method :url'}));
-      app.use(express.cookieParser());
-    });
+    app.configure(function() { hooks.callAll("expressConfigure", {"app": app}); });
     
     app.error(function(err, req, res, next){
       res.send(500);
@@ -129,26 +118,6 @@ async.waterfall([
       gracefulShutdown();
     });
     
-    //checks for basic http auth
-    function basic_auth (req, res, next) {
-      if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
-        // fetch login and password
-        if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() == settings.httpAuth) {
-          next();
-          return;
-        }
-      }
-      
-      res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
-      if (req.headers.authorization) {
-        setTimeout(function () {
-          res.send('Authentication required', 401);
-        }, 1000);
-      } else {
-        res.send('Authentication required', 401);
-      }
-    }
-    
     //serve timeslider.html under /p/$padname/timeslider
     app.get('/p/:pad/:rev?/export/:type', function(req, res, next)
     {
diff --git a/node/webaccess.js b/node/webaccess.js
new file mode 100644
index 00000000..05c398a0
--- /dev/null
+++ b/node/webaccess.js
@@ -0,0 +1,36 @@
+var settings = require('./utils/Settings');
+var express = require('express');
+var log4js = require('log4js');
+var httpLogger = log4js.getLogger("http");
+
+
+//checks for basic http auth
+exports.basicAuth = function (req, res, next) {
+  if (req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
+    // fetch login and password
+    if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() == settings.httpAuth) {
+      next();
+      return;
+    }
+  }
+
+  res.header('WWW-Authenticate', 'Basic realm="Protected Area"');
+  if (req.headers.authorization) {
+    setTimeout(function () {
+      res.send('Authentication required', 401);
+    }, 1000);
+  } else {
+    res.send('Authentication required', 401);
+  }
+}
+
+exports.expressConfigure = function (hook_name, args, cb) {
+  // Activate http basic auth if it has been defined in settings.json
+  if(settings.httpAuth != null) args.app.use(exports.basicAuth);
+
+  // If the log level specified in the config file is WARN or ERROR the application server never starts listening to requests as reported in issue #158.
+  // Not installing the log4js connect logger when the log level has a higher severity than INFO since it would not log at that level anyway.
+  if (!(settings.loglevel === "WARN" || settings.loglevel == "ERROR"))
+    args.app.use(log4js.connectLogger(httpLogger, { level: log4js.levels.INFO, format: ':status, :method :url'}));
+  args.app.use(express.cookieParser());
+}
diff --git a/pluginomatic.json b/pluginomatic.json
index c1d6ae06..237f5c64 100644
--- a/pluginomatic.json
+++ b/pluginomatic.json
@@ -1,9 +1,11 @@
 {
   "parts": [
-    { "name": "static", "hooks": { "expressServer": "../static:expressServer" } },
-    { "name": "specialpages", "hooks": { "expressServer": "../specialpages:expressServer" } },
-    { "name": "padurlsanitize", "hooks": { "expressServer": "../padurlsanitize:expressServer" } },
-    { "name": "minified", "hooks": { "expressServer": "../minified:expressServer" } },
-    { "name": "padreadonly", "hooks": { "expressServer": "../padreadonly:expressServer" } }
+    { "name": "static", "hooks": { "expressCreateServer": "../static:expressServer" } },
+    { "name": "specialpages", "hooks": { "expressCreateServer": "../specialpages:expressServer" } },
+    { "name": "padurlsanitize", "hooks": { "expressCreateServer": "../padurlsanitize:expressServer" } },
+    { "name": "minified", "hooks": { "expressCreateServer": "../minified:expressServer" } },
+    { "name": "padreadonly", "hooks": { "expressCreateServer": "../padreadonly:expressServer" } },
+    { "name": "webaccess", "hooks": { "expressConfigure": "../webaccess:expressConfigure" } }
+
   ]
 }