diff --git a/README.md b/README.md
index 7432e9e..f770863 100644
--- a/README.md
+++ b/README.md
@@ -31,6 +31,7 @@ A self-hosted pastebin **powered by Git**. [Try it here](https://opengist.thomic
 * Avatars
 * Responsive UI
 * Enable or disable signups
+* Restrict or unrestrict snippets visibility to anonymous users
 * Admin panel : delete users/gists; clean database/filesystem by syncing gists
 * SQLite database
 * Logging
diff --git a/internal/models/admin_setting.go b/internal/models/admin_setting.go
index 167ee72..5680e10 100644
--- a/internal/models/admin_setting.go
+++ b/internal/models/admin_setting.go
@@ -11,6 +11,7 @@ type AdminSetting struct {
 
 const (
 	SettingDisableSignup = "disable-signup"
+	SettingRequireLogin  = "require-login"
 )
 
 func GetSetting(key string) (string, error) {
@@ -19,9 +20,24 @@ func GetSetting(key string) (string, error) {
 	return setting.Value, err
 }
 
+func GetSettings() (map[string]string, error) {
+	var settings []AdminSetting
+	err := db.Find(&settings).Error
+	if err != nil {
+		return nil, err
+	}
+
+	result := make(map[string]string)
+	for _, setting := range settings {
+		result[setting.Key] = setting.Value
+	}
+
+	return result, nil
+}
+
 func UpdateSetting(key string, value string) error {
 	return db.Clauses(clause.OnConflict{
-		Columns:   []clause.Column{{Name: "key"}}, // key colume
+		Columns:   []clause.Column{{Name: "key"}}, // key column
 		DoUpdates: clause.AssignmentColumns([]string{"value"}),
 	}).Create(&AdminSetting{
 		Key:   key,
diff --git a/internal/models/db.go b/internal/models/db.go
index fc4890b..1bda640 100644
--- a/internal/models/db.go
+++ b/internal/models/db.go
@@ -28,6 +28,7 @@ func Setup(dbpath string) error {
 	// Default admin setting values
 	return initAdminSettings(map[string]string{
 		SettingDisableSignup: "0",
+		SettingRequireLogin:  "0",
 	})
 }
 
diff --git a/internal/ssh/git_ssh.go b/internal/ssh/git_ssh.go
index 3724d4c..8a18381 100644
--- a/internal/ssh/git_ssh.go
+++ b/internal/ssh/git_ssh.go
@@ -37,7 +37,12 @@ func runGitCommand(ch ssh.Channel, gitCmd string, keyID uint, ip string) error {
 		return errors.New("gist not found")
 	}
 
-	if verb == "receive-pack" {
+	requireLogin, err := models.GetSetting(models.SettingRequireLogin)
+	if err != nil {
+		return errors.New("internal server error")
+	}
+
+	if verb == "receive-pack" || requireLogin == "1" {
 		user, err := models.GetUserBySSHKeyID(keyID)
 		if err != nil {
 			if errors.Is(err, gorm.ErrRecordNotFound) {
diff --git a/internal/web/auth.go b/internal/web/auth.go
index 95297df..9e402b6 100644
--- a/internal/web/auth.go
+++ b/internal/web/auth.go
@@ -30,7 +30,7 @@ func register(ctx echo.Context) error {
 }
 
 func processRegister(ctx echo.Context) error {
-	if getData(ctx, "signupDisabled") == true {
+	if getData(ctx, "DisableSignup") == true {
 		return errorRes(403, "Signing up is disabled", nil)
 	}
 
@@ -148,6 +148,10 @@ func oauthCallback(ctx echo.Context) error {
 	// if user is not in database, create it
 	userDB, err := models.GetUserByProvider(user.UserID, user.Provider)
 	if err != nil {
+		if getData(ctx, "DisableSignup") == true {
+			return errorRes(403, "Signing up is disabled", nil)
+		}
+
 		if !errors.Is(err, gorm.ErrRecordNotFound) {
 			return errorRes(500, "Cannot get user", err)
 		}
@@ -166,10 +170,6 @@ func oauthCallback(ctx echo.Context) error {
 		}
 
 		if err = userDB.Create(); err != nil {
-			if getData(ctx, "signupDisabled") == true {
-				return errorRes(403, "Signing up is disabled", nil)
-			}
-
 			if models.IsUniqueConstraintViolation(err) {
 				addFlash(ctx, "Username "+user.NickName+" already exists in Opengist", "error")
 				return redirect(ctx, "/login")
@@ -281,7 +281,7 @@ func oauth(ctx echo.Context) error {
 		}
 	}
 
-	ctxValue := context.WithValue(ctx.Request().Context(), providerKey, provider)
+	ctxValue := context.WithValue(ctx.Request().Context(), gothic.ProviderParamKey, provider)
 	ctx.SetRequest(ctx.Request().WithContext(ctxValue))
 	if provider != "github" && provider != "gitea" {
 		return errorRes(400, "Unsupported provider", nil)
diff --git a/internal/web/git_http.go b/internal/web/git_http.go
index 6617dec..08fe5f3 100644
--- a/internal/web/git_http.go
+++ b/internal/web/git_http.go
@@ -47,9 +47,10 @@ func gitHttp(ctx echo.Context) error {
 
 			gist := getData(ctx, "gist").(*models.Gist)
 
-			noAuth := ctx.QueryParam("service") == "git-upload-pack" ||
+			noAuth := (ctx.QueryParam("service") == "git-upload-pack" ||
 				strings.HasSuffix(ctx.Request().URL.Path, "git-upload-pack") ||
-				ctx.Request().Method == "GET"
+				ctx.Request().Method == "GET") &&
+				!getData(ctx, "RequireLogin").(bool)
 
 			repositoryPath := git.RepositoryPath(gist.User.Username, gist.Uuid)
 
diff --git a/internal/web/run.go b/internal/web/run.go
index 17c4221..888f5e7 100644
--- a/internal/web/run.go
+++ b/internal/web/run.go
@@ -191,12 +191,12 @@ func Start() {
 			g2.PUT("/set-setting", adminSetSetting)
 		}
 
-		g1.GET("/all", allGists)
-		g1.GET("/:user", allGists)
+		g1.GET("/all", allGists, checkRequireLogin)
+		g1.GET("/:user", allGists, checkRequireLogin)
 
 		g3 := g1.Group("/:user/:gistname")
 		{
-			g3.Use(gistInit)
+			g3.Use(checkRequireLogin, gistInit)
 			g3.GET("", gistIndex)
 			g3.GET("/rev/:revision", gistIndex)
 			g3.GET("/revisions", revisions)
@@ -243,11 +243,9 @@ func dataInit(next echo.HandlerFunc) echo.HandlerFunc {
 		ctx.SetRequest(ctx.Request().WithContext(ctxValue))
 		setData(ctx, "loadStartTime", time.Now())
 
-		disableSignup, err := models.GetSetting(models.SettingDisableSignup)
-		if err != nil {
-			return errorRes(500, "Cannot read setting from database", err)
+		if err := loadSettings(ctx); err != nil {
+			return errorRes(500, "Cannot read settings from database", err)
 		}
-		setData(ctx, "signupDisabled", disableSignup == "1")
 
 		setData(ctx, "githubOauth", config.C.GithubClientKey != "" && config.C.GithubSecret != "")
 		setData(ctx, "giteaOauth", config.C.GiteaClientKey != "" && config.C.GiteaSecret != "")
@@ -318,6 +316,21 @@ func logged(next echo.HandlerFunc) echo.HandlerFunc {
 	}
 }
 
+func checkRequireLogin(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(ctx echo.Context) error {
+		if user := getUserLogged(ctx); user != nil {
+			return next(ctx)
+		}
+
+		require := getData(ctx, "RequireLogin")
+		if require == true {
+			addFlash(ctx, "You must be logged in to access gists", "error")
+			return redirect(ctx, "/login")
+		}
+		return next(ctx)
+	}
+}
+
 func cacheControl(next echo.HandlerFunc) echo.HandlerFunc {
 	return func(c echo.Context) error {
 		c.Response().Header().Set(echo.HeaderCacheControl, "public, max-age=31536000")
diff --git a/internal/web/util.go b/internal/web/util.go
index 456d537..ed49cc9 100644
--- a/internal/web/util.go
+++ b/internal/web/util.go
@@ -18,10 +18,8 @@ import (
 	"strings"
 )
 
-type providerKeyType string
 type dataTypeKey string
 
-const providerKey providerKeyType = "provider"
 const dataKey dataTypeKey = "data"
 
 func setData(ctx echo.Context, key string, value any) {
@@ -110,6 +108,20 @@ func deleteCsrfCookie(ctx echo.Context) {
 	ctx.SetCookie(&http.Cookie{Name: "_csrf", Path: "/", MaxAge: -1})
 }
 
+func loadSettings(ctx echo.Context) error {
+	settings, err := models.GetSettings()
+	if err != nil {
+		return err
+	}
+
+	for key, value := range settings {
+		s := strings.ReplaceAll(key, "-", " ")
+		s = title.String(s)
+		setData(ctx, strings.ReplaceAll(s, " ", ""), value == "1")
+	}
+	return nil
+}
+
 type OpengistValidator struct {
 	v *validator.Validate
 }
diff --git a/public/admin.ts b/public/admin.ts
index 635ea42..d980530 100644
--- a/public/admin.ts
+++ b/public/admin.ts
@@ -1,5 +1,6 @@
 document.addEventListener('DOMContentLoaded', () => {
     registerDomSetting(document.getElementById('disable-signup') as HTMLInputElement);
+    registerDomSetting(document.getElementById('require-login') as HTMLInputElement);
 });
 
 const setSetting = (key: string, value: string) => {
diff --git a/templates/base/base_header.html b/templates/base/base_header.html
index 47de0e8..ba9c178 100644
--- a/templates/base/base_header.html
+++ b/templates/base/base_header.html
@@ -66,7 +66,7 @@
                                 </svg>
                             </a>
                         {{ else }}
-                            {{ if not .signupDisabled }}
+                            {{ if not .DisableSignup }}
                             <a href="/register" class="inline-flex text-slate-300 hover:bg-gray-700 hover:text-white px-3 py-2 rounded-md text-sm font-medium">
                                 <p class="text-slate-300 mr-1">Register</p>
                             </a>
diff --git a/templates/pages/admin_index.html b/templates/pages/admin_index.html
index 9ecbd47..c8fe35c 100644
--- a/templates/pages/admin_index.html
+++ b/templates/pages/admin_index.html
@@ -81,7 +81,11 @@
             <div class="space-y-2">
                 <div>
                     <label for="disable-signup" class="text-sm text-slate-300">Disable signup</label>
-                    <input type="checkbox" id="disable-signup" name="disable-signup" {{ if .signupDisabled }}checked="checked"{{ end }} class="ml-1 h-4 w-4 rounded border-gray-300 text-primary-600 focus:ring-primary-600" />
+                    <input type="checkbox" id="disable-signup" name="disable-signup" {{ if .DisableSignup }}checked="checked"{{ end }} class="ml-1 h-4 w-4 rounded border-gray-300 text-primary-600 focus:ring-primary-600" />
+                </div>
+                <div>
+                    <label for="disable-signup" class="text-sm text-slate-300">Login required</label>
+                    <input type="checkbox" id="require-login" name="require-login" {{ if .RequireLogin }}checked="checked"{{ end }} class="ml-1 h-4 w-4 rounded border-gray-300 text-primary-600 focus:ring-primary-600" />
                 </div>
             </div>
         </div>
diff --git a/templates/pages/auth_form.html b/templates/pages/auth_form.html
index 18cedd2..6b83e25 100644
--- a/templates/pages/auth_form.html
+++ b/templates/pages/auth_form.html
@@ -8,7 +8,7 @@
 
     </header>
     <main class="mt-4">
-        {{ if and .signupDisabled (ne .title "Login") }}
+        {{ if and .DisableSignup (ne .title "Login") }}
         <p class="italic">Administrator has disabled signing up</p>
         {{ else }}
         <div class="sm:col-span-6">
@@ -33,7 +33,7 @@
                             <div class="flex-auto">
                                 <button type="submit" class="inline-flex items-center px-4 py-2 border border-transparent border-gray-700 text-sm font-medium rounded-md shadow-sm text-white bg-primary-600 hover:bg-primary-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-primary-500">Login</button>
                             </div>
-                            {{ if not .signupDisabled }}
+                            {{ if not .DisableSignup }}
                             <span class="float-right text-sm py-2 underline"><a href="/register">Register instead →</a></span>
                             {{ end }}
                         </div>