diff --git a/doc/docker/nginx.conf b/doc/docker/nginx.conf
index 333f38e910..192ecbc278 100644
--- a/doc/docker/nginx.conf
+++ b/doc/docker/nginx.conf
@@ -35,6 +35,10 @@ server {
 		alias  /usr/share/egroupware/;
 		try_files $uri $uri/ =404;
 		location ~ ^/egroupware(/(?U).+\.php) {
+			# do not allow to call files ment to be included only
+			location ~ /(src|setup|inc|vendor)/ {
+				return 403;
+			}
 			alias  /usr/share/egroupware;
 			fastcgi_pass fpm;
 			# added to support WebDAV/CalDAV/CardDAV