diff --git a/gns3server/web/route.py b/gns3server/web/route.py
index 4fa56339..41b4a89e 100644
--- a/gns3server/web/route.py
+++ b/gns3server/web/route.py
@@ -154,7 +154,6 @@ class Route(object):
             @asyncio.coroutine
             def control_schema(request):
                 # This block is executed at each method call
-
                 server_config = Config.instance().get_section_config("Server")
 
                 # Authenticate
@@ -171,6 +170,9 @@ class Route(object):
 
                 # API call
                 try:
+                    if "controller" in func.__module__ and server_config.getboolean("controller", False) is False:
+                        raise aiohttp.web.HTTPForbidden(text="The server is not a controller")
+
                     request = yield from parse_request(request, input_schema)
                     record_file = server_config.get("record")
                     if record_file:
diff --git a/tests/conftest.py b/tests/conftest.py
index 369ca488..fba38c1f 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -179,8 +179,15 @@ def controller():
     return Controller.instance()
 
 
+@pytest.fixture
+def config():
+    config = Config.instance()
+    config.clear()
+    return config
+
+
 @pytest.yield_fixture(autouse=True)
-def run_around_tests(monkeypatch, port_manager, controller):
+def run_around_tests(monkeypatch, port_manager, controller, config):
     """
     This setup a temporay project file environnement around tests
     """
@@ -188,8 +195,6 @@ def run_around_tests(monkeypatch, port_manager, controller):
     tmppath = tempfile.mkdtemp()
 
     port_manager._instance = port_manager
-    config = Config.instance()
-    config.clear()
     os.makedirs(os.path.join(tmppath, 'projects'))
     config.set("Server", "project_directory", os.path.join(tmppath, 'projects'))
     config.set("Server", "images_path", os.path.join(tmppath, 'images'))
diff --git a/tests/handlers/api/controller/test_version.py b/tests/handlers/api/controller/test_version.py
index a763ce00..0791e88f 100644
--- a/tests/handlers/api/controller/test_version.py
+++ b/tests/handlers/api/controller/test_version.py
@@ -49,6 +49,12 @@ def test_version_invalid_input(http_controller):
                              'status': 409}
 
 
+def test_version_not_controller(http_controller, config):
+    config.set("Server", "controller", False)
+    response = http_controller.get('/version')
+    assert response.status == 403
+
+
 def test_version_invalid_input_schema(http_controller):
     query = {'version': "0.4.2", "bla": "blu"}
     response = http_controller.post('/version', query)