diff --git a/build/integration/features/bootstrap/BasicStructure.php b/build/integration/features/bootstrap/BasicStructure.php
index a843892773..2fc940981e 100644
--- a/build/integration/features/bootstrap/BasicStructure.php
+++ b/build/integration/features/bootstrap/BasicStructure.php
@@ -179,6 +179,15 @@ trait BasicStructure {
 }
 }
+ /**
+ * @When /^sending "([^"]*)" with exact url to "([^"]*)"$/
+ * @param string $verb
+ * @param string $url
+ */
+ public function sendingToDirectUrl($verb, $url) {
+ $this->sendingToWithDirectUrl($verb, $url, null);
+ }
+
 public function sendingToWithDirectUrl($verb, $url, $body) {
 $fullUrl = substr($this->baseUrl, 0, -5) . $url;
 $client = new Client();
diff --git a/build/integration/features/provisioning-v1.feature b/build/integration/features/provisioning-v1.feature
index fba69cd622..1cf50235f2 100644
--- a/build/integration/features/provisioning-v1.feature
+++ b/build/integration/features/provisioning-v1.feature
@@ -497,16 +497,25 @@ Feature: provisioning
 And As an "admin"
 And user "subadmin" is disabled
- Scenario: Making a web request with an enabled user
- Given As an "admin"
+ Scenario: Making a ocs request with an enabled user
+ Given As an "admin"
 And user "user0" exists
 And As an "user0"
 When sending "GET" to "/cloud/capabilities"
 Then the HTTP status code should be "200"
 And the OCS status code should be "100"
- Scenario: Making a web request with a disabled user
- Given As an "admin"
+ Scenario: Making a web request with an enabled user
+ Given As an "admin"
+ And user "user0" exists
+ And As an "user0"
+ When sending "GET" to "/cloud/capabilities"
+ When sending "GET" with exact url to "/index.php/apps/files"
+ Then the HTTP status code should be "200"
+ And the OCS status code should be "100"
+
+ Scenario: Making a ocs request with a disabled user
+ Given As an "admin"
 And user "user0" exists
 And assure user "user0" is disabled
 And As an "user0"
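Review bot: The docblock on `sendingToDirectUrl` in BasicStructure.php lists the two parameters but never says what "exact url" means. Going by the context line `substr($this->baseUrl, 0, -5) . $url` in `sendingToWithDirectUrl`, the path is appended to the base URL with its last five characters cut off (presumably the API suffix, leaving the server root), and this step always passes `null` as the body. I would add a summary line such as `* Sends a body-less request to $url, appended to the base URL minus its last five characters.` so feature authors know which prefix their path is resolved against. `sendingToWithDirectUrl` continues outside the hunk, so how credentials for the current user are attached is not visible here.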
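Review bot: In provisioning-v1.feature, the new scenario "Making a web request with an enabled user" asserts `And the OCS status code should be "100"` even though its last request goes to `/index.php/apps/files`, which is presumably an HTML page and not an OCS response. The scenario also issues two `When` requests, so it is unclear which response the `200` assertion covers; if the step definitions keep only the latest response (not visible in this diff), the earlier `/cloud/capabilities` call is dead weight. I would drop `When sending "GET" to "/cloud/capabilities"` and `And the OCS status code should be "100"` from this scenario, so that it checks only the web endpoint and mirrors the disabled-user web scenario added further down.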
@@ -514,3 +523,11 @@ Feature: provisioning
 Then the OCS status code should be "997"
 And the HTTP status code should be "401"
+ Scenario: Making a web request with a disabled user
+ Given As an "admin"
+ And user "user0" exists
+ And assure user "user0" is disabled
+ And As an "user0"
+ When sending "GET" with exact url to "/index.php/apps/files"
+ And the HTTP status code should be "403"
+
diff --git a/index.php b/index.php
index ce4cdf06e7..d2f920f4a5 100644
--- a/index.php
+++ b/index.php
@@ -48,6 +48,9 @@ try {
 } catch (\OC\HintException $ex) {
 OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
 OC_Template::printErrorPage($ex->getMessage(), $ex->getHint());
+} catch (\OC\User\LoginException $ex) {
+ OC_Response::setStatus(OC_Response::STATUS_FORBIDDEN);
+ OC_Template::printErrorPage($ex->getMessage(), $ex->getHint());
 } catch (Exception $ex) {
 \OC::$server->getLogger()->logException($ex, array('app' => 'index'));
diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php
index 0ec27251ba..88725d5e30 100644
--- a/lib/private/legacy/response.php
+++ b/lib/private/legacy/response.php
@@ -33,6 +33,7 @@ class OC_Response {
 const STATUS_NOT_MODIFIED = 304;
 const STATUS_TEMPORARY_REDIRECT = 307;
 const STATUS_BAD_REQUEST = 400;
+ const STATUS_FORBIDDEN = 403;
 const STATUS_NOT_FOUND = 404;
 const STATUS_INTERNAL_SERVER_ERROR = 500;
 const STATUS_SERVICE_UNAVAILABLE = 503;
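Review bot: In the new scenario "Making a web request with a disabled user", the only assertion is written as `And the HTTP status code should be "403"` directly after the `When` step, so it reads as a second action and not as the expected outcome. Write it as `Then the HTTP status code should be "403"`, matching the `Then` steps in the other scenarios of this file. This scenario is the regression test for locking a disabled account out of the web UI, so the outcome step should be unmistakable.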
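Review bot: The new `catch (\OC\User\LoginException $ex)` branch in index.php calls `$ex->getHint()` and is placed after `catch (\OC\HintException $ex)`, and those two facts cannot both be right. LoginException is not defined in this diff: if it extends `\OC\HintException`, the earlier branch catches it first and the client still gets 503, never 403; if it does not, nothing here guarantees that `getHint()` exists, and the handler itself may fail. Either move the branch above the HintException one, or pass only the message, e.g. `OC_Template::printErrorPage($ex->getMessage());` if the hint parameter is optional. Unlike the generic `Exception` branch, this one writes no log entry, so a disabled account trying to reach the web UI leaves no trace for monitoring; a warning-level line via `\OC::$server->getLogger()` would close that gap. The `try` block starts outside the hunk.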