diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php
index 8f6786f9c..070db5bbb 100644
--- a/setup/ajax.dataloader.php
+++ b/setup/ajax.dataloader.php
@@ -121,6 +121,8 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT");    // Date in the past
 $sOperation = Utils::ReadParam('operation', '');
 try
 {
+	if (!is_writable(utils::GetConfigFilePath())) throw new Exception('Setup operations are not allowed outside of the setup');
+
 	switch($sOperation)
 	{
 		case 'async_action':