diff --git a/doc/apache2/vhost.template b/doc/apache2/vhost.template
index 2e96f14ddf..276eb2306c 100644
--- a/doc/apache2/vhost.template
+++ b/doc/apache2/vhost.template
@@ -102,6 +102,9 @@
         RewriteCond %{ENV:SYMFONY_ENV} !^(dev)
         RewriteRule ^/(css|js|fonts?)/.*\.(css|js|otf|eot|ttf|svg|woff) - [L]
 
+        # Prevent access to website with direct usage of app.php in URL
+        RewriteRule ^/(.+/)?app\.php - [R=404,L]
+
         RewriteRule .* /app.php
     </IfModule>
 
diff --git a/doc/nginx/ez_params.d/ez_rewrite_params b/doc/nginx/ez_params.d/ez_rewrite_params
index 46bb834fec..c551faa17c 100644
--- a/doc/nginx/ez_params.d/ez_rewrite_params
+++ b/doc/nginx/ez_params.d/ez_rewrite_params
@@ -17,5 +17,10 @@ rewrite "^/w3c/p3p\.xml" "/w3c/p3p.xml" break;
 rewrite "^/bundles/(.*)" "/bundles/$1" break;
 rewrite "^/assets/(.*)" "/assets/$1" break;
 
+# Prevent access to website with direct usage of app.php in URL
+if ($request_uri ~ "^/(.+/)?app\.php") {
+    return 404;
+}
+
 rewrite "^(.*)$" "/app.php$1" last;