diff --git a/server/console.go b/server/console.go
index 530803d4fba8f0e16cf15c9cf219034670771680..41d670082a6702bc6221cc23981ad2033e35b212 100644
--- a/server/console.go
+++ b/server/console.go
@@ -123,6 +123,11 @@ func StartConsoleServer(logger *zap.Logger, startupLogger *zap.Logger, db *sql.D
 			// Authentication endpoint doesn't require security.
 			grpcGateway.ServeHTTP(w, r)
 		default:
+			// 404 non console endpoints
+			if !strings.HasPrefix(r.URL.Path, "/v2/console") {
+				w.WriteHeader(http.StatusNotFound)
+				return
+			}
 			// All other endpoints are secured.
 			auth, ok := r.Header["Authorization"]
 			if !ok || len(auth) != 1 || !checkAuth(config, auth[0]) {