diff --git a/src/http.c b/src/http.c
index 1f42111b..b2e41ccb 100644
--- a/src/http.c
+++ b/src/http.c
@@ -464,6 +464,9 @@ http_access_verify_channel(http_connection_t *hc, int mask,
       return -1;
   }
 
+  if (access_verify2(hc->hc_access, mask))
+    return -1;
+
   if (channel_access(ch, hc->hc_access, hc->hc_username))
     res = 0;
   return res;
diff --git a/src/webui/webui.c b/src/webui/webui.c
index fe4685dd..523a4a11 100644
--- a/src/webui/webui.c
+++ b/src/webui/webui.c
@@ -414,7 +414,7 @@ http_tag_playlist(http_connection_t *hc, channel_tag_t *tag)
 
   if(hc->hc_access == NULL ||
      access_verify2(hc->hc_access, ACCESS_STREAMING))
-    return HTTP_STATUS_NOT_ALLOWED;
+    return HTTP_STATUS_UNAUTHORIZED;
 
   hq = &hc->hc_reply;
   host = http_arg_get(&hc->hc_args, "Host");
@@ -453,7 +453,7 @@ http_tag_list_playlist(http_connection_t *hc)
 
   if(hc->hc_access == NULL ||
      access_verify2(hc->hc_access, ACCESS_STREAMING))
-    return HTTP_STATUS_NOT_ALLOWED;
+    return HTTP_STATUS_UNAUTHORIZED;
 
   hq = &hc->hc_reply;
   host = http_arg_get(&hc->hc_args, "Host");
@@ -505,7 +505,7 @@ http_channel_list_playlist(http_connection_t *hc)
 
   if(hc->hc_access == NULL ||
      access_verify2(hc->hc_access, ACCESS_STREAMING))
-    return HTTP_STATUS_NOT_ALLOWED;
+    return HTTP_STATUS_UNAUTHORIZED;
 
   hq = &hc->hc_reply;
   host = http_arg_get(&hc->hc_args, "Host");
@@ -1061,7 +1061,7 @@ page_play(http_connection_t *hc, const char *remain, void *opaque)
      (access_verify2(hc->hc_access, ACCESS_STREAMING) &&
       access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) &&
       access_verify2(hc->hc_access, ACCESS_RECORDER)))
-    return HTTP_STATUS_NOT_ALLOWED;
+    return HTTP_STATUS_UNAUTHORIZED;
 
   playlist = http_arg_get(&hc->hc_req_args, "playlist");
   if (playlist) {
@@ -1104,7 +1104,7 @@ page_dvrfile(http_connection_t *hc, const char *remain, void *opaque)
      (access_verify2(hc->hc_access, ACCESS_STREAMING) &&
       access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) &&
       access_verify2(hc->hc_access, ACCESS_RECORDER)))
-    return HTTP_STATUS_NOT_ALLOWED;
+    return HTTP_STATUS_UNAUTHORIZED;
 
   pthread_mutex_lock(&global_lock);
 
@@ -1228,7 +1228,7 @@ page_imagecache(http_connection_t *hc, const char *remain, void *opaque)
       access_verify2(hc->hc_access, ACCESS_STREAMING) &&
       access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) &&
       access_verify2(hc->hc_access, ACCESS_RECORDER)))
-    return HTTP_STATUS_NOT_ALLOWED;
+    return HTTP_STATUS_UNAUTHORIZED;
 
   if(sscanf(remain, "%d", &id) != 1)
     return HTTP_STATUS_BAD_REQUEST;