diff --git a/classes/local/controllers/maintenance_static_page.php b/classes/local/controllers/maintenance_static_page.php
index eebe024..c231b24 100644
--- a/classes/local/controllers/maintenance_static_page.php
+++ b/classes/local/controllers/maintenance_static_page.php
@@ -64,6 +64,7 @@ class maintenance_static_page {
 */
 public static function get_resources_folder() {
 global $CFG;
+ // If you change the path, also change file auth/outage/maintenance.php as it does not use this reference.
 return $CFG->dataroot.'/auth_outage/climaintenance';
 }
 
@@ -120,6 +121,7 @@ class maintenance_static_page {
 
 private static function delete_directory_recursively($dir) {
 // It should never come from user, but protect against possible attacks anyway.
+ $dir = realpath($dir);
 $safedir = self::get_resources_folder();
 if (substr($dir, 0, strlen($safedir)) !== $safedir) {
 throw new invalid_parameter_exception('Unsafe to delete: '.$dir);
@@ -208,7 +210,7 @@ class maintenance_static_page {
 copy($url, $path);
 }
 
- $url = (string)new moodle_url('/auth/outage/maintenance.php/'.$file);
+ $url = (string)new moodle_url('/auth/outage/maintenance.php?file='.$file);
 return $url;
 }
 }
diff --git a/maintenance.php b/maintenance.php
index c84a093..cacdcd2 100644
--- a/maintenance.php
+++ b/maintenance.php
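Review bot: `realpath($dir)` returns `false` when the path does not exist, and `$safedir` on the next line stays non-canonical, so after this change a missing directory reaches the prefix test as an empty string (unless strict_types is on) and any symlink or `..` segment in `$CFG->dataroot` makes every call throw `Unsafe to delete:` with no path in the message. The prefix test also accepts a sibling directory such as `climaintenance-old`, because it compares only `strlen($safedir)` bytes instead of anchoring on the separator. Suggested lines: `$dir = realpath($dir);` `$safedir = realpath(self::get_resources_folder());` `if ($dir === false || $safedir === false || ($dir !== $safedir && strpos($dir, $safedir.'/') !== 0)) {`. delete_directory_recursively continues past the end of the hunk.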
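Review bot: `$file` is concatenated into the query string unencoded on the new `moodle_url` line, so a file name containing `&`, `#`, `+` or a space produces a URL that maintenance.php will not map back to the copied file. Passing it as a parameter lets `moodle_url` encode it: `$url = (string)new moodle_url('/auth/outage/maintenance.php', ['file' => $file]);`. The enclosing function begins before this hunk, so where `$file` is derived from is not visible here.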
@@ -26,8 +26,30 @@
 use auth_outage\dml\outagedb;
 use auth_outage\local\controllers\maintenance_static_page;
 
-require_once(__DIR__.'/../../config.php');
+if (isset($_GET['file'])) {
+ define('NO_DEBUG_DISPLAY', true);
+ define('ABORT_AFTER_CONFIG', true);
+ require_once(__DIR__.'/../../config.php');
 
-$outage = outagedb::get_next_starting();
-maintenance_static_page::create_from_outage($outage);
-readfile(maintenance_static_page::get_template_file());
+ // We are not using any external libraries or references in this file (cli maintenance is active).
+ // If you change the path below maybe you need to change maintenance_static_page::get_resources_folder() as well.
+ $resourcedir = $CFG->dataroot.'/auth_outage/climaintenance';
+
+ // Protect against path traversal attacks.
+ $file = $resourcedir.'/'.basename($_GET['file']);
+ if (realpath($file) !== $file) {
+ error_log('Invalid file: '.$_GET['file']);
+ http_response_code(404);
+ die('Not found.');
+ }
+
+ // Detect type, we only support css or PNG images.
+ $type = substr($file, -3);
+ if ($type == 'css') {
+ header('Content-type: text/css');
+ } else {
+ header('Content-type: image/png');
+ }
+ readfile($file);
+ return;
+}
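Review bot: The traversal guard `if (realpath($file) !== $file)` compares a canonical path with a string built from the raw `$CFG->dataroot`, so whenever dataroot holds a symlink, a `..` segment or a trailing slash every request is rejected, and the preceding `basename($_GET['file'])` raises a TypeError on PHP 8 when the parameter arrives as an array (`?file[]=x`), which `isset()` accepts. The content-type branch then serves any file in the directory whose name does not end in `css` as `image/png`, so the endpoint hands out whatever lands in that directory rather than only the two resource types it is meant to serve. Canonicalising the directory first, checking `dirname(realpath($file))` against it, mapping the extension through a whitelist and sending `X-Content-Type-Options: nosniff` closes both gaps; the sketch below replaces the lines from `$resourcedir = ...` to `return;`. The raw `$_GET['file']` is also written to the error log unmodified, so a newline in it splits log entries; strip line breaks before logging. The template-serving lines removed here (`outagedb::get_next_starting()` onward) are not re-added within this hunk, so their new location is outside this view.
```php
    // … unchanged: define()s, require_once of config.php and the two explanatory comments …
    // Protect against path traversal attacks: serve only a bare file name that really
    // exists inside the canonical resource directory (a symlink out of it resolves elsewhere).
    $resourcedir = realpath($CFG->dataroot.'/auth_outage/climaintenance');
    $requested = $_GET['file'];
    $file = (is_string($requested) && $resourcedir !== false)
        ? realpath($resourcedir.'/'.basename($requested))
        : false;
    if ($file === false || dirname($file) !== $resourcedir) {
        $logged = is_string($requested) ? str_replace(["\r", "\n"], ' ', $requested) : '(non-string)';
        error_log('Invalid file: '.$logged);
        http_response_code(404);
        die('Not found.');
    }

    // Only the two resource types the static page generator writes are served;
    // anything else in the directory is treated as missing.
    $contenttypes = ['css' => 'text/css', 'png' => 'image/png'];
    $extension = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    if (!isset($contenttypes[$extension])) {
        http_response_code(404);
        die('Not found.');
    }
    header('Content-type: '.$contenttypes[$extension]);
    header('X-Content-Type-Options: nosniff');
    readfile($file);
    return;
```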