diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 54f78aa05c1c6d3b4c8342ba5dff6a0477c6586b..308d74c647cb52d7640473d45046b2e90f506d18 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -47,11 +47,12 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
-        'auth'       => \Illuminate\Auth\Middleware\Authenticate::class,
-        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
-        'bindings'   => \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        'can'        => \Illuminate\Auth\Middleware\Authorize::class,
-        'guest'      => \App\Http\Middleware\RedirectIfAuthenticated::class,
-        'throttle'   => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'auth'          => \Illuminate\Auth\Middleware\Authenticate::class,
+        'auth.basic'    => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
+        'bindings'      => \Illuminate\Routing\Middleware\SubstituteBindings::class,
+        'can'           => \Illuminate\Auth\Middleware\Authorize::class,
+        'guest'         => \App\Http\Middleware\RedirectIfAuthenticated::class,
+        'throttle'      => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'referer.check' => \App\Http\Middleware\RefererCheck::class,
     ];
 }
diff --git a/app/Http/Middleware/RefererCheck.php b/app/Http/Middleware/RefererCheck.php
new file mode 100644
index 0000000000000000000000000000000000000000..b0beae57f9e5f65823605f9eeaa12b510fabde3f
--- /dev/null
+++ b/app/Http/Middleware/RefererCheck.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class RefererCheck
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $refererCorrect = env('referer_check');
+        $referer        = $request->server('HTTP_REFERER');
+        if ($refererCorrect !== $referer) {
+            abort(403, 'Unauthorized');
+        } else {
+            return $next($request);
+        }
+    }
+}
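Review bot: The comparison in `handle()` fails open: `env('referer_check')` returns null when the variable is unset and `$request->server('HTTP_REFERER')` returns null when the header is absent, so `null !== null` is false and the request is passed on to `$next`. The same can happen if the deployment caches its configuration, because `env()` called outside config files then no longer reads `.env`; whether that applies here is not visible in the diff. I would reject unless both values are non-empty strings and compare them in constant time, e.g. `if (!is_string($refererCorrect) || $refererCorrect === '' || !is_string($referer) || !hash_equals($refererCorrect, $referer)) {`. The Referer header is set by the client and commonly ends up in logs, so this check is a shared secret rather than authentication. The `admin` group in routes/web.php relies on this alias alone, so adding the existing `auth` middleware there would be the stronger gate.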
diff --git a/resources/views/errors/403.blade.php b/resources/views/errors/403.blade.php
new file mode 100644
index 0000000000000000000000000000000000000000..645d11f96348b491557dfce72b8f315914c303c3
--- /dev/null
+++ b/resources/views/errors/403.blade.php
@@ -0,0 +1,8 @@
+@extends('layouts.subPages')
+
+@section('title', 'Fehler 403 - Unautorisiert')
+
+@section('content')
+<h1>Unautorisiert</h1>
+<p>Sie haben leider keine Rechte auf dieses Dokument zuzugreifen.</p>
+@endsection
diff --git a/routes/web.php b/routes/web.php
index 630d9f442cb616e8bb9016e008790987edaa8cb4..1f35c2a80d360295d8b0ccc1abd88506a6ff01a7 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -127,10 +127,12 @@ Route::group(
                 ->with('navbarFocus', 'dienste');
         });
 
-        Route::get('admin', 'AdminInterface@index');
-        Route::get('admin/count', 'AdminInterface@count');
-        Route::get('admin/check', 'AdminInterface@check');
-        Route::get('admin/engines', 'AdminInterface@engines');
+        Route::group(['middleware' => ['referer.check'], 'prefix' => 'admin'], function () {
+            Route::get('/', 'AdminInterface@index');
+            Route::get('count', 'AdminInterface@count');
+            Route::get('check', 'AdminInterface@check');
+            Route::get('engines', 'AdminInterface@engines');
+        });
 
         Route::get('settings', 'StartpageController@loadSettings');