diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index f1d57d4b8..a05f54077 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -260,6 +260,9 @@ class ApplicationController < ActionController::Base
     else
       if @project && @project.archived?
         render_403 :message => :notice_not_authorized_archived_project
+      elsif @project && !@project.allows_to?(:controller => ctrl, :action => action)
+        # Project module is disabled
+        render_403
       else
         deny_access
       end
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index bc66e86d9..b0feee827 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -579,7 +579,7 @@ class ProjectsControllerTest < Redmine::ControllerTest
     get :settings, :params => {
         :id => 1
       }
-    assert_response 302
+    assert_response 403
   end
 
   def test_setting_with_wiki_module_and_no_wiki
@@ -700,7 +700,7 @@ class ProjectsControllerTest < Redmine::ControllerTest
           :name => 'Closed'
         }
       }
-    assert_response 302
+    assert_response 403
     assert_equal 'eCookbook', Project.find(1).name
   end