diff --git a/pkg/apiserver/filters/authorization.go b/pkg/apiserver/filters/authorization.go
index 4a20c1db2c..74567cd624 100644
--- a/pkg/apiserver/filters/authorization.go
+++ b/pkg/apiserver/filters/authorization.go
@@ -40,16 +40,17 @@ func WithAuthorization(handler http.Handler, getAttribs RequestAttributeGetter,
 			return
 		}
 		authorized, reason, err := a.Authorize(attrs)
+		if authorized {
+			handler.ServeHTTP(w, req)
+			return
+		}
 		if err != nil {
 			internalError(w, req, err)
 			return
 		}
-		if !authorized {
-			glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
-			forbidden(w, req)
-			return
-		}
-		handler.ServeHTTP(w, req)
+
+		glog.V(4).Infof("Forbidden: %#v, Reason: %s", req.RequestURI, reason)
+		forbidden(w, req)
 	})
 }