diff --git a/cmd/revproxy/main.go b/cmd/revproxy/main.go
index 9be9ba53..8d8562d6 100644
--- a/cmd/revproxy/main.go
+++ b/cmd/revproxy/main.go
@@ -62,6 +62,9 @@ func setupServer(ctx context.Context, config revProxyConfig) *echo.Echo {
 		),
 		)
 	}
+	// Deny rules
+	sk := e.Group("/api/data/user/secret_key", logger)
+	sk.GET("/", echo.NotFoundHandler)
 
 	// Routing for Renku services
 	e.Group("/api/auth", logger, authSvcProxy)
diff --git a/cmd/revproxy/main_test.go b/cmd/revproxy/main_test.go
index 9d0f9004..bb90c51b 100644
--- a/cmd/revproxy/main_test.go
+++ b/cmd/revproxy/main_test.go
@@ -268,6 +268,14 @@ func TestInternalSvcRoutes(t *testing.T) {
 			QueryParams: map[string]string{"test1": "value1", "test2": "value2"},
 			Expected:    TestResults{Path: "/knowledge-graph", VisitedServerIDs: []string{"auth", "upstream"}},
 		},
+		{
+			Path:     "/api/data/user/secret_key",
+			Expected: TestResults{Path: "/api/data/user/secret_key", Non200ResponseStatusCode: 404},
+		},
+		{
+			Path:     "/api/data/user",
+			Expected: TestResults{Path: "/api/data/user", VisitedServerIDs: []string{"auth", "upstream"}},
+		},
 		{
 			Path:     "/api/renku/test",
 			Expected: TestResults{Path: "/renku/test", VisitedServerIDs: []string{"auth", "upstream"}},
diff --git a/cmd/revproxy/middlewares.go b/cmd/revproxy/middlewares.go
index 7cbffcd7..047747ed 100644
--- a/cmd/revproxy/middlewares.go
+++ b/cmd/revproxy/middlewares.go
@@ -104,7 +104,7 @@ func stripPrefix(prefix string) echo.MiddlewareFunc {
 	return middleware.RewriteWithConfig(middleware.RewriteConfig{
 		RegexRules: map[*regexp.Regexp]string{
 			regexp.MustCompile(fmt.Sprintf("^%s/(.+)", prefix)): "/$1",
-			regexp.MustCompile(fmt.Sprintf("^%s$", prefix)): "/",
+			regexp.MustCompile(fmt.Sprintf("^%s$", prefix)):     "/",
 		},
 	})
 }