How to Block Push to Master Branch on Remote

Prevent pushing to master on GitHub?

Since the original question / answer, Github has added a new option for this to the restricted branches UI which allows you to set this up.

Require pull request reviews before merging When enabled, all commits must be made to a non-protected branch and submitted via a
pull request with the required number of approving reviews and no
changes requested before it can be merged into a branch that matches
this rule.

To find it go to Settings > Branches > Branch Protection Rules
and click 'Add Rule'.
Github UI after following instructions
Then, enter the name of the branch you want to protect and click the checkbox to require pull request reviews before merging.
Github UI with the button to click
By default, this only stops people who are not moderators. There is also another checkbox later down for ensuring that even moderators cannot merge.
Github UI with the other button to click

How to block/restrict push to remote master totally

See the docs on pre-push hooks, and the .git/hooks/pre-push.sample given with any repo :

information on the target references is passed through stdin, not through sys.argv

How to block push to master branch on remote

The original script was perfect, I just needed to rename it from .git/hooks/update.sample to .git/hooks/update on the remote server and make sure it's executable.

#!/bin/sh
if [ $USER != "git-repo-admin" ];
then
  if [ "$1" == refs/heads/master ];
  then
    echo "Manual pushing to this repo is restricted"
    exit 1
  fi
fi

Disable push to specific branches on GitHub

Ok I got the answer from IRC after a long chat. I'll have to work with forks and pull requests, or add pre-push hooks on each dev's machine since GitHub doesn't allow per branch permissions neither pre-publish canceling hooks. Here is a part of the answers I got:

Fork the repository. then the developer can work on their own version of the repository, and doesn't have to worry about committing to the wrong branch. And then someone upstream can always merge into whatever branch should be committed into.
Yeah but we're a company and we don't want that all our devs have forks
Why not?
Well they should be able to push their branch on a common repo to work with some other devs on the same feature for example.
Have a read through https://help.github.com/articles/using-pull-requests. You can still send patches around between multiple forks. This is the model that git was built on
I know but I want to be able to see quickly in a central way the actual work on any feature/hotfix, ...
To cut a long story short: GitHub doesn't support per-branch permissions

Prohibit remote pushing to the master branch in git

You should take a look at the sample update hook called update-paranoid in the contrib directory of the git distribution. It allows you to set up per-branch ACLs restricting who is allowed to push to which branches. This way you can restrict updating master to just release owners.

I'm not quite sure what you mean by "only updated via branch merging". I'm assuming that your central repository is bare, in which case branches are usually only updated by a push. There's no conceptual difference in git between pushing a commit that is a merge and one that isn't so I'm not sure what your criteria for restricting the type of update for master is intended to be.

In the case that you are pushing to a non-bare central repository and master is always the checked out branch then you can simply set the config variable receive.denyCurrentBranch to true or refuse.