Index: src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
===================================================================
--- src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
+++ src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
@@ -73,6 +73,7 @@
     return array(
       '/res/' => array(
         '(?:(?P<mtime>[0-9]+)T/)?'.
+        '(?P<library>[^/]+)/'.
         '(?P<hash>[a-f0-9]{8})/'.
         '(?P<path>.+\.(?:css|js|jpg|png|swf|gif))'
           => 'CelerityPhabricatorResourceController',
Index: src/infrastructure/celerity/CelerityPhabricatorResourceController.php
===================================================================
--- src/infrastructure/celerity/CelerityPhabricatorResourceController.php
+++ src/infrastructure/celerity/CelerityPhabricatorResourceController.php
@@ -12,17 +12,27 @@
 
   private $path;
   private $hash;
+  private $library;
 
   public function getCelerityResourceMap() {
-    return CelerityResourceMap::getNamedInstance('phabricator');
+    return CelerityResourceMap::getNamedInstance($this->library);
   }
 
   public function willProcessRequest(array $data) {
     $this->path = $data['path'];
     $this->hash = $data['hash'];
+    $this->library = $data['library'];
   }
 
   public function processRequest() {
+    // Check that the resource library exists before trying to serve resources
+    // from it.
+    try {
+      $this->getCelerityResourceMap();
+    } catch (Exception $ex) {
+      return new Aphront400Response();
+    }
+
     return $this->serveResource($this->path);
   }
 
Index: src/infrastructure/celerity/resources/CelerityPhysicalResources.php
===================================================================
--- src/infrastructure/celerity/resources/CelerityPhysicalResources.php
+++ src/infrastructure/celerity/resources/CelerityPhysicalResources.php
@@ -30,6 +30,15 @@
 
       foreach ($resources_list as $resources) {
         $name = $resources->getName();
+
+        if (!preg_match('/^[a-z0-9]+/', $name)) {
+          throw new Exception(
+            pht(
+              'Resources name "%s" is not valid; it must contain only '.
+              'lowercase latin letters and digits.',
+              $name));
+        }
+
         if (empty($resources_map[$name])) {
           $resources_map[$name] = $resources;
         } else {
Index: src/infrastructure/celerity/resources/CelerityResources.php
===================================================================
--- src/infrastructure/celerity/resources/CelerityResources.php
+++ src/infrastructure/celerity/resources/CelerityResources.php
@@ -25,7 +25,8 @@
   }
 
   public function getResourceURI($hash, $name) {
-    return "/res/{$hash}/{$name}";
+    $resources = $this->getName();
+    return "/res/{$resources}/{$hash}/{$name}";
   }
 
   public function getResourcePackages() {