diff --git a/internal/server/server.go b/internal/server/server.go
index ea0f51bf..60aff102 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -53,7 +53,7 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
 }
 r.GET("/static/{filepath:*}", embeddedFS)
- r.GET("/api/{filepath:*}", embeddedFS)
+ r.ANY("/api/{filepath:*}", embeddedFS)
 r.GET("/api/health", autheliaMiddleware(handlers.HealthGet))
 r.GET("/api/state", autheliaMiddleware(handlers.StateGet))
diff --git a/internal/suites/scenario_backend_protection_test.go b/internal/suites/scenario_backend_protection_test.go
index c4b500a2..2b2d8e39 100644
--- a/internal/suites/scenario_backend_protection_test.go
+++ b/internal/suites/scenario_backend_protection_test.go
@@ -35,7 +35,7 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
 }
 res, err := client.Do(req)
 s.Assert().NoError(err)
- s.Assert().Equal(res.StatusCode, expectedStatusCode)
+ s.Assert().Equal(expectedStatusCode, res.StatusCode)
 })
 }
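Review bot: In server.go the `r.ANY("/api/{filepath:*}", embeddedFS)` catch-all now sends every method, including state-changing ones, to the static-asset handler without `autheliaMiddleware`, so the 404 for an unknown API path is presumably only a by-product of no embedded file matching. I would state the intent in a comment above the line, e.g. `// Catch-all: unknown /api paths must return 404 for every method; no embedded asset may live under api/.`, or register a handler that only sets the 404 status so a future asset under that prefix cannot be served here. It is also worth confirming how the router resolves a known path with an unregistered method, such as a POST to `/api/health`, now that a wildcard matches it. StartServer's body continues outside the hunk.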
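Review bot: In AssertRequestStatusCode, `s.Assert().NoError(err)` records the failure but lets the closure carry on, so a failed `client.Do` reaches `res.StatusCode` with what is most likely a nil `res` (assuming `client` is an `*http.Client`) and the subtest panics instead of reporting the transport error. `s.Require().NoError(err)` would stop the subtest at that point, and a `defer res.Body.Close()` right after it would release the connection between the many requests this helper issues. The function starts above the hunk, so how `client` and `req` are built is not visible here.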
@@ -55,6 +55,16 @@ func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() {
 s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), 403)
 }
+func (s *BackendProtectionScenario) TestInvalidEndpointsReturn404() {
+ s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
+ s.AssertRequestStatusCode("HEAD", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
+ s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
+
+ s.AssertRequestStatusCode("GET", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
+ s.AssertRequestStatusCode("HEAD", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
+ s.AssertRequestStatusCode("POST", fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
+}
+
 func TestRunBackendProtection(t *testing.T) {
 suite.Run(t, NewBackendProtectionScenario())
 }
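Review bot: TestInvalidEndpointsReturn404 checks only GET, HEAD and POST, while the route it guards is now registered for every method, so PUT, PATCH and DELETE on an unknown `/api` path are left unpinned. Looping over paths and methods keeps the six existing cases and adds the remaining methods without more copy-pasted lines. The expected 404 for the added methods is inferred from the `r.ANY` registration in server.go and should be confirmed by running the suite.

```go
func (s *BackendProtectionScenario) TestInvalidEndpointsReturn404() {
	paths := []string{"/api/not_existing", "/api/not_existing/second"}
	methods := []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"}

	for _, path := range paths {
		for _, method := range methods {
			s.AssertRequestStatusCode(method, fmt.Sprintf("%s%s", AutheliaBaseURL, path), 404)
		}
	}
}
```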