diff --git a/rutorrent.subdomain.conf.sample b/rutorrent.subdomain.conf.sample
index c7ed27a..e177ba6 100644
--- a/rutorrent.subdomain.conf.sample
+++ b/rutorrent.subdomain.conf.sample
@@ -38,6 +38,21 @@ server {
     }
 
     location /RPC2 {
+        # enable the next two lines for http auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        # enable the next two lines for ldap auth
+        #auth_request /auth;
+        #error_page 401 =200 /ldaplogin;
+
+        # enable for Authelia
+        #include /config/nginx/authelia-location.conf;
+
+        # block rpc access by default because it is unprotected
+        # you can comment out the next line to enable remote rpc calls
+        deny all;
+
         include /config/nginx/proxy.conf;
         resolver 127.0.0.11 valid=30s;
         set $upstream_app rutorrent;
diff --git a/rutorrent.subfolder.conf.sample b/rutorrent.subfolder.conf.sample
index 98a7931..451da38 100644
--- a/rutorrent.subfolder.conf.sample
+++ b/rutorrent.subfolder.conf.sample
@@ -27,6 +27,21 @@ location ^~ /rutorrent/ {
 }
 
 location ^~ /rutorrent/RPC2 {
+    # enable the next two lines for http auth
+    #auth_basic "Restricted";
+    #auth_basic_user_file /config/nginx/.htpasswd;
+
+    # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf
+    #auth_request /auth;
+    #error_page 401 =200 /ldaplogin;
+
+    # enable for Authelia, also enable authelia-server.conf in the default site config
+    #include /config/nginx/authelia-location.conf;
+
+    # block rpc access by default because it is unprotected
+    # you can comment out the next line to enable remote rpc calls
+    deny all;
+
     include /config/nginx/proxy.conf;
     resolver 127.0.0.11 valid=30s;
     set $upstream_app rutorrent;