diff --git a/README.md b/README.md
index 21d7506..11810df 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,8 @@ Flags ``` Usage of ./git-http-backend: + -require_auth bool + set require auth enable/disable -auth_pass_env_var string set an env var to provide the basic auth pass as -auth_user_env_var string
@@ -97,4 +99,4 @@ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -``` +```````
diff --git a/main.go b/main.go
index 8a14bac..992a208 100644
--- a/main.go
+++ b/main.go
@@ -9,6 +9,7 @@ import (
 )
 func init() {
+ flag.BoolVar(&server.DefaultConfig.RequireAuth, "require_auth", server.DefaultConfig.RequireAuth, "enable basic auth")
 flag.StringVar(&server.DefaultConfig.AuthPassEnvVar, "auth_pass_env_var", server.DefaultConfig.AuthPassEnvVar, "set an env var to provide the basic auth pass as")
 flag.StringVar(&server.DefaultConfig.AuthUserEnvVar, "auth_user_env_var", server.DefaultConfig.AuthUserEnvVar, "set an env var to provide the basic auth user as")
 flag.StringVar(&server.DefaultConfig.DefaultEnv, "default_env", server.DefaultConfig.DefaultEnv, "set the default env")
diff --git a/server/server.go b/server/server.go
index a899331..44f8592 100644
--- a/server/server.go
+++ b/server/server.go
@@ -23,6 +23,7 @@ type Service struct {
 }
 type Config struct {
+ RequireAuth bool
 AuthPassEnvVar string
 AuthUserEnvVar string
 DefaultEnv string
@@ -46,6 +47,7 @@ var (
 DefaultAddress = ":8080"
 DefaultConfig = Config{
+ RequireAuth: false,
 AuthPassEnvVar: "",
 AuthUserEnvVar: "",
 DefaultEnv: "",
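Review bot: The help text `"enable basic auth"` on the new `-require_auth` flag in main.go's init() understates what the flag does: going by the getInfoRefs change in server/server.go, it only decides whether requests without credentials are turned away, while credentials that are supplied get checked either way. I would word it `"reject requests that carry no basic auth credentials"` and bring README.md's `set require auth enable/disable` in line with it. Because the default stays false, the server accepts unauthenticated requests unless the operator opts in, which deserves a sentence in the README. init() continues outside the hunk.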
@@ -211,7 +213,19 @@ func getInfoRefs(hr HandlerReq) {
 service_name := getServiceType(r)
 access := hasAccess(r, dir, service_name, false)
 version := r.Header.Get("Git-Protocol")
- if access {
+
+ user, password, authok := r.BasicAuth()
+ if DefaultConfig.RequireAuth && !authok {
+ renderAuthRequire(w)
+ return
+ }
+
+ if authok && user != DefaultConfig.AuthUserEnvVar && password != DefaultConfig.AuthPassEnvVar {
+ w.WriteHeader(http.StatusUnauthorized)
+ return
+ }
+
+ if access {
 args := []string{service_name, "--stateless-rpc", "--advertise-refs", "."}
 refs := gitCommand(dir, version, args...)
@@ -387,6 +401,13 @@ func renderNoAccess(w http.ResponseWriter) {
 w.Write([]byte("Forbidden"))
 }
+func renderAuthRequire(w http.ResponseWriter) {
+ w.Header().Add("Content-Type", "text/plain")
+ w.Header().Add("WWW-Authenticate", "Basic realm=\"authorization needed\"")
+ w.WriteHeader(http.StatusUnauthorized)
+ w.Write([]byte("401 Unauthorized"))
+}
+
 // Packet-line handling function
 func packetFlush() []byte {
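Review bot: The credential test added in getInfoRefs, `user != DefaultConfig.AuthUserEnvVar && password != DefaultConfig.AuthPassEnvVar`, returns 401 only when both values differ, so a request with one matching field and anything in the other is let through; the comparisons must be combined so that either mismatch rejects. It also compares against AuthUserEnvVar and AuthPassEnvVar, which the flag help in main.go describes as env var names the credentials are provided under rather than expected credentials, so this diff shows no configured secret to check against; the fence uses the placeholders wantUser and wantPass for such a setting. The comparison should be constant-time (crypto/subtle, which server.go would need to import), and the failure path should go through renderAuthRequire so the client receives a WWW-Authenticate challenge. Only getInfoRefs is guarded in this diff; the other request handlers, such as the service RPC endpoints, are outside the hunks and would need the same check, preferably through one shared wrapper. getInfoRefs starts and ends outside the hunk.

```go
user, password, authok := r.BasicAuth()
// … unchanged: RequireAuth && !authok challenge via renderAuthRequire …

// wantUser / wantPass are placeholders for the configured expected credentials.
// Both comparisons run before they are combined, so a mismatch in one does not short-circuit the other.
userOK := subtle.ConstantTimeCompare([]byte(user), []byte(wantUser)) == 1
passOK := subtle.ConstantTimeCompare([]byte(password), []byte(wantPass)) == 1
if authok && !(userOK && passOK) {
	renderAuthRequire(w)
	return
}
```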
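Review bot: renderAuthRequire has no doc comment, and nothing near it records that the Basic scheme it advertises carries the password merely base64-encoded, which matters because the DefaultAddress visible in this diff is a plain `:8080` listener; whether TLS is terminated elsewhere cannot be seen here. I would add `// renderAuthRequire replies 401 with a Basic challenge; Basic credentials are only base64-encoded, so expose this server behind TLS.` above the function. The discarded `w.Write` result matches renderNoAccess just above it, so I would leave that as is for consistency.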