Fixed "satisfy any" if 403 is returned after 401 (ticket #285). The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the latter should be returned with the WWW-Authenticate header to request authentication by a client. The problem could be triggered with 3rd party modules and the "deny" directive, or with auth_basic and auth_request which returns 403 (in 1.5.4+). Patch by Jan Marc Hoffmann.