diff --git a/gateway/engine/policies/src/main/java/io/apiman/gateway/engine/policies/BasicAuthenticationPolicy.java b/gateway/engine/policies/src/main/java/io/apiman/gateway/engine/policies/BasicAuthenticationPolicy.java
index 56962872bc..bcadcf7c5c 100644
--- a/gateway/engine/policies/src/main/java/io/apiman/gateway/engine/policies/BasicAuthenticationPolicy.java
+++ b/gateway/engine/policies/src/main/java/io/apiman/gateway/engine/policies/BasicAuthenticationPolicy.java
@@ -68,6 +68,13 @@ protected Class getConfigurationClass() {
 @Override
 protected void doApply(final ApiRequest request, final IPolicyContext context, final BasicAuthenticationConfig config, final IPolicyChain chain) {
+
+ // Check transport security
+ if (config.isRequireTransportSecurity() && !request.isTransportSecure()) {
+ sendAuthFailure(context, chain, config, PolicyFailureCodes.TRANSPORT_SECURITY_REQUIRED);
+ return;
+ }
+
 String authHeader = request.getHeaders().get("Authorization"); //$NON-NLS-1$
 boolean requireBasic = config.getRequireBasicAuth() == null ? Boolean.TRUE : config.getRequireBasicAuth();
@@ -94,11 +101,6 @@ protected void doApply(final ApiRequest request, final IPolicyContext context, f
 }
 }
- // Check transport security
- if (config.isRequireTransportSecurity() && !request.isTransportSecure()) {
- sendAuthFailure(context, chain, config, PolicyFailureCodes.TRANSPORT_SECURITY_REQUIRED);
- }
-
 // Parse the Authorization http header.
 String username;
 String password = null;
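Review bot: The early rejection added at the top of `doApply` in the first hunk reuses `sendAuthFailure`, whose body is outside this diff; if that helper attaches a `WWW-Authenticate: Basic` challenge, a client on plain HTTP is invited to retry and send its credentials in cleartext, so the `TRANSPORT_SECURITY_REQUIRED` case is better answered without a challenge header. The check also relies on `request.isTransportSecure()` reflecting the real client connection, which should be confirmed for deployments where TLS is terminated in front of the gateway. I would expand the comment to record why the check comes first and must return, e.g. `// Reject insecure transport before reading the Authorization header; return so the chain is failed exactly once.` A regression test with an insecure request carrying otherwise valid credentials would pin that only one failure is emitted and the chain is never applied. `doApply` continues past the end of this hunk.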