diff --git a/config/initializers/disable_active_storage_uploads.rb b/config/initializers/disable_active_storage_uploads.rb
new file mode 100644
index 000000000..fa5a52a91
--- /dev/null
+++ b/config/initializers/disable_active_storage_uploads.rb
@@ -0,0 +1,11 @@
+ActiveStorage::DirectUploadsController.class_eval do
+ def create
+ head :unauthorized
+ end
+end
+
+ActiveStorage::DiskController.class_eval do
+ def update
+ head :unauthorized
+ end
+end
diff --git a/spec/controllers/active_storage/direct_uploads_controller_spec.rb b/spec/controllers/active_storage/direct_uploads_controller_spec.rb
new file mode 100644
index 000000000..e4bb0e8e6
--- /dev/null
+++ b/spec/controllers/active_storage/direct_uploads_controller_spec.rb
@@ -0,0 +1,14 @@
+require "rails_helper"
+
+describe ActiveStorage::DirectUploadsController do
+ describe "POST create" do
+ it "doesn't allow anonymous users to upload files" do
+ blob_attributes = { filename: "logo.pdf", byte_size: 30000, checksum: SecureRandom.hex(32) }
+
+ post :create, params: { blob: blob_attributes }
+
+ expect(ActiveStorage::Blob.count).to eq 0
+ expect(response).to be_unauthorized
+ end
+ end
+end
diff --git a/spec/controllers/active_storage/disk_controller_spec.rb b/spec/controllers/active_storage/disk_controller_spec.rb
new file mode 100644
index 000000000..48fc34d7a
--- /dev/null
+++ b/spec/controllers/active_storage/disk_controller_spec.rb
@@ -0,0 +1,13 @@
+require "rails_helper"
+
+describe ActiveStorage::DiskController do
+ describe "PUT update" do
+ it "doesn't allow anonymous users to upload files" do
+ blob = create(:active_storage_blob)
+
+ put :update, params: { encoded_token: blob.signed_id }
+
+ expect(response).to be_unauthorized
+ end
+ end
+end
diff --git a/spec/factories/files.rb b/spec/factories/files.rb
index 2290ccab5..0926ee576 100644
--- a/spec/factories/files.rb
+++ b/spec/factories/files.rb
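Review bot: The two `class_eval` overrides reference `ActiveStorage::DirectUploadsController` and `ActiveStorage::DiskController` directly at initializer load time, which autoloads those engine constants during boot; in a code-reloading environment the patch is then applied only to the first copy of the class, and newer Rails versions warn about or, as far as I recall, refuse autoloading reloadable constants from initializers. Wrapping the whole file in `Rails.application.config.to_prepare do ... end` re-applies the override on every reload and keeps the constants out of boot-time autoloading. The intent also deserves a header comment, e.g. `# Direct uploads are deliberately disabled app-wide: both upload endpoints answer 401 before any blob record or file is created.` Note that `DiskController#show` is left untouched, so serving existing files should still work; a small spec for that path would guard against a future Rails change moving or renaming the upload action.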
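Review bot: The example name in direct_uploads_controller_spec.rb says "anonymous users", but the override in the initializer rejects every request to this action regardless of authentication, and nothing here exercises the signed-in path. Renaming the example to `it "rejects every direct-upload request"` states the actual contract, and a sibling example that signs a user in (with whatever helper rails_helper provides) before the same `post :create` would catch a later change that re-enables uploads for logged-in users. The `checksum: SecureRandom.hex(32)` attribute is never reached by the stubbed action, so it is harmless here, but it is not a value Active Storage would accept in a real direct-upload request, so the fixture should not be copied elsewhere as-is.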
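Review bot: In disk_controller_spec.rb, `encoded_token: blob.signed_id` is not the token `DiskController#update` consumes — as far as I recall it verifies `params[:encoded_token]` with `ActiveStorage.verifier` under the `:blob_token` purpose, which a `signed_id` does not satisfy — so an unpatched controller would presumably already answer 404 for this request and the example only pins the status code of the override. To show that an otherwise well-formed upload is rejected, generate the token the way the disk service does for a direct upload (for example via `blob.service_url_for_direct_upload` and taking its `encoded_token` query parameter) and send a request body with the `put`. The factory blob is persisted only to obtain an id, so if the token is derived from attributes instead, `build(:active_storage_blob)` would avoid the database write.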
@@ -55,4 +55,10 @@ FactoryBot.define do
 end
 initialize_with { new(attributes) }
 end
+
+ factory :active_storage_blob, class: "ActiveStorage::Blob" do
+ filename { "sample.pdf" }
+ byte_size { 3000 }
+ checksum { SecureRandom.hex(32) }
+ end
 end
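Review bot: `checksum { SecureRandom.hex(32) }` yields a 64-character hex string, whereas Active Storage stores checksums as base64-encoded MD5 digests as far as I recall, so any spec that later uses this factory with a real upload or integrity check would fail on the fixture rather than on the code under test; `checksum { Digest::MD5.base64digest("sample") }` is a representative value. No `content_type` is set either, which is worth adding as `content_type { "application/pdf" }` for specs that branch on it. The enclosing `FactoryBot.define` block starts outside the hunk.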