diff --git a/changelog.d/hashtag-feeds-restricted.add b/changelog.d/hashtag-feeds-restricted.add
new file mode 100644
index 000000000..accac9c9c
--- /dev/null
+++ b/changelog.d/hashtag-feeds-restricted.add
@@ -0,0 +1 @@
+Repesct :restrict_unauthenticated for hashtag rss/atom feeds
\ No newline at end of file
diff --git a/lib/pleroma/web/feed/tag_controller.ex b/lib/pleroma/web/feed/tag_controller.ex
index e60767327..02d639296 100644
--- a/lib/pleroma/web/feed/tag_controller.ex
+++ b/lib/pleroma/web/feed/tag_controller.ex
@@ -10,7 +10,7 @@ defmodule Pleroma.Web.Feed.TagController do
   alias Pleroma.Web.Feed.FeedView
 
   def feed(conn, params) do
-    if Config.get!([:instance, :public]) do
+    if not Config.restrict_unauthenticated_access?(:timelines, :local) do
       render_feed(conn, params)
     else
       render_error(conn, :not_found, "Not found")
@@ -18,10 +18,12 @@ defmodule Pleroma.Web.Feed.TagController do
   end
 
   defp render_feed(conn, %{"tag" => raw_tag} = params) do
+    local_only = Config.restrict_unauthenticated_access?(:timelines, :federated)
+
     {format, tag} = parse_tag(raw_tag)
 
     activities =
-      %{type: ["Create"], tag: tag}
+      %{type: ["Create"], tag: tag, local_only: local_only}
       |> Pleroma.Maps.put_if_present(:max_id, params["max_id"])
       |> ActivityPub.fetch_public_activities()
 
diff --git a/test/pleroma/web/feed/tag_controller_test.exs b/test/pleroma/web/feed/tag_controller_test.exs
index 7d196b228..662235f31 100644
--- a/test/pleroma/web/feed/tag_controller_test.exs
+++ b/test/pleroma/web/feed/tag_controller_test.exs
@@ -191,4 +191,60 @@ defmodule Pleroma.Web.Feed.TagControllerTest do
       |> response(404)
     end
   end
+
+  describe "restricted for unauthenticated" do
+    test "returns 404 when local timeline is disabled", %{conn: conn} do
+      clear_config([:restrict_unauthenticated, :timelines], %{local: true, federated: false})
+
+      conn
+      |> put_req_header("accept", "application/rss+xml")
+      |> get(tag_feed_path(conn, :feed, "pleromaart.rss"))
+      |> response(404)
+    end
+
+    test "returns local posts only when federated timeline is disabled", %{conn: conn} do
+      clear_config([:restrict_unauthenticated, :timelines], %{local: false, federated: true})
+
+      local_user = insert(:user)
+      remote_user = insert(:user, local: false)
+
+      local_note =
+        insert(:note,
+          user: local_user,
+          data: %{
+            "content" => "local post #PleromaArt",
+            "summary" => "",
+            "tag" => ["pleromaart"]
+          }
+        )
+
+      remote_note =
+        insert(:note,
+          user: remote_user,
+          data: %{
+            "content" => "remote post #PleromaArt",
+            "summary" => "",
+            "tag" => ["pleromaart"]
+          },
+          local: false
+        )
+
+      insert(:note_activity, user: local_user, note: local_note)
+      insert(:note_activity, user: remote_user, note: remote_note, local: false)
+
+      response =
+        conn
+        |> put_req_header("accept", "application/rss+xml")
+        |> get(tag_feed_path(conn, :feed, "pleromaart.rss"))
+        |> response(200)
+
+      xml = parse(response)
+
+      assert xpath(xml, ~x"//channel/title/text()") == ~c"#pleromaart"
+
+      assert xpath(xml, ~x"//channel/item/title/text()"l) == [
+               ~c"local post #PleromaArt"
+             ]
+    end
+  end
 end