diff --git a/apps/git/index.tsx b/apps/git/index.tsx
index 7c40042..6b24d64 100644
--- a/apps/git/index.tsx
+++ b/apps/git/index.tsx
@@ -555,6 +555,10 @@ app.on('GET', ['/:repo{.+\\.git}/info/refs', '/:repo/info/refs'], async c => {
     return c.text('Invalid service', 400)
   }
 
+  if (service === 'git-receive-pack' && c.req.header('x-sneaker')) {
+    return c.text('Push access denied over sneaker', 403)
+  }
+
   if (service === 'git-receive-pack') {
     await ensureBareRepo(repoParam)
   }
@@ -586,6 +590,10 @@ app.on('POST', ['/:repo{.+\\.git}/git-upload-pack', '/:repo/git-upload-pack'], a
 
 // POST /:repo[.git]/git-receive-pack
 app.on('POST', ['/:repo{.+\\.git}/git-receive-pack', '/:repo/git-receive-pack'], async c => {
+  if (c.req.header('x-sneaker')) {
+    return c.text('Push access denied over sneaker', 403)
+  }
+
   const repoParam = c.req.param('repo').replace(/\.git$/, '')
 
   if (!validRepoName(repoParam)) {