diff --git a/web/auth.go b/web/auth.go
index 512876ce..484ddb73 100644
--- a/web/auth.go
+++ b/web/auth.go
@@ -28,10 +28,9 @@ func authorizationRequired(f http.HandlerFunc) http.Handler {
 	if secured {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			if isAuthorized(r) {
-				http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-				return
-			} else {
 				f(w, r)
+			} else {
+				http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 			}
 		})
 	} else {
diff --git a/web/routes_test.go b/web/routes_test.go
index 60052b86..514f0348 100644
--- a/web/routes_test.go
+++ b/web/routes_test.go
@@ -312,6 +312,15 @@ func Test_createRoutes_username_password(t *testing.T) {
 	abide.AssertHTTPResponse(t, t.Name(), rr.Result())
 }
 
+func Test_createRoutes_username_password_invalid(t *testing.T) {
+	handler := createHandler(nil, nil, Config{Base: "/", Username: "amir", Password: "password", Key: "key"})
+	req, err := http.NewRequest("GET", "/api/logs/stream?id=123", nil)
+	require.NoError(t, err, "NewRequest should not return an error.")
+	rr := httptest.NewRecorder()
+	handler.ServeHTTP(rr, req)
+	abide.AssertHTTPResponse(t, t.Name(), rr.Result())
+}
+
 func createHandler(client docker.Client, content fs.FS, config Config) *mux.Router {
 	if client == nil {
 		client = new(MockedClient)