diff --git a/.changeset/thirty-hounds-nail.md b/.changeset/thirty-hounds-nail.md
new file mode 100644
index 0000000000..17c0814741
--- /dev/null
+++ b/.changeset/thirty-hounds-nail.md
@@ -0,0 +1,5 @@
+---
+'@clerk/nextjs': patch
+---
+
+Updates the default middleware config matcher to be more restrictive in how it detects static files. Paths with `.` in them are now allowed, as long as the `.` is not in the final path segment.
diff --git a/packages/nextjs/src/server/authMiddleware.test.ts b/packages/nextjs/src/server/authMiddleware.test.ts
index 72715e2370..76d4b96c58 100644
--- a/packages/nextjs/src/server/authMiddleware.test.ts
+++ b/packages/nextjs/src/server/authMiddleware.test.ts
@@ -141,9 +141,20 @@ const validRoutes = [
   '/protected',
   '/protected/',
   '/protected/hello',
+  '/protected/hello.example/hello',
+  '/my-protected-page',
+  '/my/$special/$pages',
 ];
 
-const invalidRoutes = ['/_next', '/favicon.ico', '/_next/test.json', '/files/api.pdf', '/test/api/test.pdf'];
+const invalidRoutes = [
+  '/_next',
+  '/favicon.ico',
+  '/_next/test.json',
+  '/files/api.pdf',
+  '/test/api/test.pdf',
+  '/imgs/img.png',
+  '/imgs/img-dash.jpg',
+];
 
 describe('default config matcher', () => {
   it('compiles to regex using path-to-regex', () => {
diff --git a/packages/nextjs/src/server/authMiddleware.ts b/packages/nextjs/src/server/authMiddleware.ts
index 577b5c7b4e..4520840100 100644
--- a/packages/nextjs/src/server/authMiddleware.ts
+++ b/packages/nextjs/src/server/authMiddleware.ts
@@ -46,13 +46,13 @@ const INFINITE_REDIRECTION_LOOP_COOKIE = '__clerk_redirection_loop';
  * The default ideal matcher that excludes the _next directory (internals) and all static files,
  * but it will match the root route (/) and any routes that start with /api or /trpc.
  */
-export const DEFAULT_CONFIG_MATCHER = ['/((?!.*\\..*|_next).*)', '/', '/(api|trpc)(.*)'];
+export const DEFAULT_CONFIG_MATCHER = ['/((?!.+\\.[\\w]+$|_next).*)', '/', '/(api|trpc)(.*)'];
 
 /**
  * Any routes matching this path will be ignored by the middleware.
  * This is the inverted version of DEFAULT_CONFIG_MATCHER.
  */
-export const DEFAULT_IGNORED_ROUTES = ['/((?!api|trpc))(_next|.+\\..+)(.*)'];
+export const DEFAULT_IGNORED_ROUTES = [`/((?!api|trpc))(_next.*|.+\\.[\\w]+$)`];
 /**
  * Any routes matching this path will be treated as API endpoints by the middleware.
  */