diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index 749d9391..1feea6b7 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -128,6 +128,9 @@ matrix_nginx_proxy_proxy_synapse_additional_server_configuration_blocks: []
 matrix_nginx_proxy_proxy_dendrite_enabled: false
 matrix_nginx_proxy_proxy_dendrite_hostname: "matrix-nginx-proxy"
 matrix_nginx_proxy_proxy_dendrite_federation_api_enabled: "{{ matrix_nginx_proxy_proxy_matrix_federation_api_enabled }}"
+# Controls whether the Client API server (usually at matrix.DOMAIN:443) should explicitly reject `/_matrix/federation` endpoints.
+# Normally, Dendrite Monolith serves both APIs (Client & Federation) at the same port, so we can serve federation at `matrix.DOMAIN:443` too.
+matrix_nginx_proxy_proxy_dendrite_block_federation_api_on_client_port: true
 # The addresses where the Matrix Client API is, when using Dendrite.
 matrix_nginx_proxy_proxy_dendrite_client_api_addr_with_container: ""
 matrix_nginx_proxy_proxy_dendrite_client_api_addr_sans_container: ""
diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2
index 9776085e..939156a3 100644
--- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2
+++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dendrite.conf.j2
@@ -14,6 +14,16 @@ server {
 		{{- configuration_block }}
 	{% endfor %}
 
+	{% if matrix_nginx_proxy_proxy_dendrite_block_federation_api_on_client_port %}
+	location /_matrix/federation {
+		{% if matrix_nginx_proxy_proxy_dendrite_federation_api_enabled %}
+			return 404 'The Federation API is served at https://{{ matrix_server_fqn_matrix }}:{{ matrix_federation_public_port }}';
+		{% else %}
+			return 404 'This Matrix server is running with federation disabled';
+		{% endif %}
+	}
+	{% endif %}
+
 	{# Everything else just goes to the API server ##}
 	location / {
 		{% if matrix_nginx_proxy_enabled %}