diff --git a/spring-boot-devtools/pom.xml b/spring-boot-devtools/pom.xml
index 58a07b2ba0..b5641034ab 100644
--- a/spring-boot-devtools/pom.xml
+++ b/spring-boot-devtools/pom.xml
@@ -35,6 +35,16 @@ spring-web true + + org.springframework.security + spring-security-config + true + + + org.springframework.security + spring-security-web + true + javax.servlet javax.servlet-api
diff --git a/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfiguration.java b/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfiguration.java
index e255a362ee..315dc897e5 100644
--- a/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfiguration.java
+++ b/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfiguration.java
@@ -28,6 +28,7 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.devtools.remote.server.AccessManager;
 import org.springframework.boot.devtools.remote.server.Dispatcher;
@@ -47,13 +48,17 @@ import org.springframework.boot.devtools.tunnel.server.RemoteDebugPortProvider;
 import org.springframework.boot.devtools.tunnel.server.SocketTargetServerConnection;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.server.ServerHttpRequest;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 /**
  * {@link EnableAutoConfiguration Auto-configuration} for remote development support.
  *
  * @author Phillip Webb
  * @author Rob Winch
+ * @author Andy Wilkinson
  * @since 1.3.0
  */
 @Configuration
@@ -151,4 +156,30 @@ public class RemoteDevToolsAutoConfiguration {
 
 }
 
+ @Configuration
+ @ConditionalOnClass(WebSecurityConfigurerAdapter.class)
+ static class RemoteDevToolsSecurityConfiguration {
+
+ @Bean
+ public RemoteRestartWebSecurityConfigurer remoteRestartWebSecurityConfigurer() {
+ return new RemoteRestartWebSecurityConfigurer();
+ }
+
+ @Order(SecurityProperties.IGNORED_ORDER + 2)
+ static class RemoteRestartWebSecurityConfigurer extends
+ WebSecurityConfigurerAdapter {
+
+ @Autowired
+ private DevToolsProperties properties;
+
+ @Override
+ public void configure(HttpSecurity http) throws Exception {
+ http.antMatcher(this.properties.getRemote().getContextPath() + "/**");
+ http.csrf().disable();
+ }
+
+ }
+
+ }
+
 }
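Review bot: `RemoteRestartWebSecurityConfigurer.configure` builds its matcher as `getContextPath() + "/**"` without validating the value, so a blank remote context path would turn the pattern into `/**`; with the chain ordered at `IGNORED_ORDER + 2` it would then presumably sit ahead of the application's own security rules for every request, with CSRF disabled and no authorization rules declared. I would reject a blank path before building the matcher, for example `Assert.hasText(contextPath, "Remote context path must not be empty");` on a local holding the property value. Because the override never calls `authorizeRequests()`, access to these endpoints rests entirely on the devtools-side check (presumably the `AccessManager` imported above), and that deserves a comment on `configure` such as `// Requests under the remote context path are checked by the devtools AccessManager, not by Spring Security rules`. The enclosing `RemoteDevToolsAutoConfiguration` class and its conditions start outside the hunk, so whether a secret must be set before this configuration activates cannot be confirmed from here.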