diff --git a/apps/files_sharing/lib/Controller/ShareInfoController.php b/apps/files_sharing/lib/Controller/ShareInfoController.php
index 315a562abe..0fe98a32c7 100644
--- a/apps/files_sharing/lib/Controller/ShareInfoController.php
+++ b/apps/files_sharing/lib/Controller/ShareInfoController.php
@@ -48,7 +48,7 @@ class ShareInfoController extends ApiController {
 	 * @param IRequest $request
 	 * @param IManager $shareManager
 	 */
-	public function __construct($appName,
+	public function __construct(string $appName,
 								IRequest $request,
 								IManager $shareManager) {
 		parent::__construct($appName, $request);
@@ -59,26 +59,32 @@ class ShareInfoController extends ApiController {
 	/**
 	 * @PublicPage
 	 * @NoCSRFRequired
+	 * @BruteForceProtection(action=shareinfo)
 	 *
 	 * @param string $t
 	 * @param null $password
 	 * @param null $dir
 	 * @return JSONResponse
-	 * @throws ShareNotFound
 	 */
 	public function info($t, $password = null, $dir = null) {
 		try {
 			$share = $this->shareManager->getShareByToken($t);
 		} catch (ShareNotFound $e) {
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
+			$response = new JSONResponse([], Http::STATUS_NOT_FOUND);
+			$response->throttle(['token' => $t]);
+			return $response;
 		}
 
 		if ($share->getPassword() && !$this->shareManager->checkPassword($share, $password)) {
-			return new JSONResponse([], Http::STATUS_FORBIDDEN);
+			$response = new JSONResponse([], Http::STATUS_FORBIDDEN);
+			$response->throttle(['token' => $t]);
+			return $response;
 		}
 
 		if (!($share->getPermissions() & Constants::PERMISSION_READ)) {
-			return new JSONResponse([], Http::STATUS_FORBIDDEN);
+			$response = new JSONResponse([], Http::STATUS_FORBIDDEN);
+			$response->throttle(['token' => $t]);
+			return $response;
 		}
 
 		$permissionMask = $share->getPermissions();
diff --git a/apps/files_sharing/tests/Controller/ShareInfoControllerTest.php b/apps/files_sharing/tests/Controller/ShareInfoControllerTest.php
index f43ca13a67..032ff17fad 100644
--- a/apps/files_sharing/tests/Controller/ShareInfoControllerTest.php
+++ b/apps/files_sharing/tests/Controller/ShareInfoControllerTest.php
@@ -66,6 +66,7 @@ class ShareInfoControllerTest extends TestCase {
 			->willThrowException(new ShareNotFound());
 
 		$expected = new JSONResponse([], Http::STATUS_NOT_FOUND);
+		$expected->throttle(['token' => 'token']);
 		$this->assertEquals($expected, $this->controller->info('token'));
 	}
 
@@ -82,6 +83,7 @@ class ShareInfoControllerTest extends TestCase {
 			->willReturn(false);
 
 		$expected = new JSONResponse([], Http::STATUS_FORBIDDEN);
+		$expected->throttle(['token' => 'token']);
 		$this->assertEquals($expected, $this->controller->info('token', 'pass'));
 	}
 
@@ -100,6 +102,7 @@ class ShareInfoControllerTest extends TestCase {
 			->willReturn(true);
 
 		$expected = new JSONResponse([], Http::STATUS_FORBIDDEN);
+		$expected->throttle(['token' => 'token']);
 		$this->assertEquals($expected, $this->controller->info('token', 'pass'));
 	}