diff --git a/index.php b/index.php
index 4ff85f48..1fdb2b5f 100644
--- a/index.php
+++ b/index.php
@@ -153,6 +153,8 @@ class Updater {
 	private $updateAvailable = false;
 	/** @var string */
 	private $requestID = null;
+	/** @var bool */
+	private $disabled = false;
 
 	/**
 	 * Updater constructor
@@ -175,6 +177,12 @@ public function __construct($baseDir) {
 		require_once $configFileName;
 		$this->configValues = $CONFIG;
 
+		if (php_sapi_name() !== 'cli' && ($this->configValues['upgrade.disable-web'] ?? false)) {
+			// updater disabled
+			$this->disabled = true;
+			return;
+		}
+
 		$dataDir = $this->getDataDirectoryLocation();
 		if(empty($dataDir) || !is_string($dataDir)) {
 			throw new \Exception('Could not read data directory from config.php.');
@@ -210,6 +218,15 @@ public function __construct($baseDir) {
 		$this->buildTime = $buildTime;
 	}
 
+	/**
+	 * Returns whether the web updater is disabled
+	 *
+	 * @return bool
+	 */
+	public function isDisabled() {
+		return $this->disabled;
+	}
+
 	/**
 	 * Returns current version or "unknown" if this could not be determined.
 	 *
@@ -1279,8 +1296,13 @@ public function logVersion() {
 // Check if the config.php is at the expected place
 try {
 	$updater = new Updater(__DIR__);
+	if ($updater->isDisabled()) {
+		http_response_code(403);
+		die('Updater is disabled, please use the command line');
+	}
 } catch (\Exception $e) {
 	// logging here is not possible because we don't know the data directory
+	http_response_code(500);
 	die($e->getMessage());
 }
 
diff --git a/lib/Updater.php b/lib/Updater.php
index e62b79f8..63082953 100644
--- a/lib/Updater.php
+++ b/lib/Updater.php
@@ -36,6 +36,8 @@ class Updater {
 	private $updateAvailable = false;
 	/** @var string */
 	private $requestID = null;
+	/** @var bool */
+	private $disabled = false;
 
 	/**
 	 * Updater constructor
@@ -58,6 +60,12 @@ public function __construct($baseDir) {
 		require_once $configFileName;
 		$this->configValues = $CONFIG;
 
+		if (php_sapi_name() !== 'cli' && ($this->configValues['upgrade.disable-web'] ?? false)) {
+			// updater disabled
+			$this->disabled = true;
+			return;
+		}
+
 		$dataDir = $this->getDataDirectoryLocation();
 		if(empty($dataDir) || !is_string($dataDir)) {
 			throw new \Exception('Could not read data directory from config.php.');
@@ -93,6 +101,15 @@ public function __construct($baseDir) {
 		$this->buildTime = $buildTime;
 	}
 
+	/**
+	 * Returns whether the web updater is disabled
+	 *
+	 * @return bool
+	 */
+	public function isDisabled() {
+		return $this->disabled;
+	}
+
 	/**
 	 * Returns current version or "unknown" if this could not be determined.
 	 *