diff --git a/NEWS b/NEWS
index 18007fc6..5a8d6f77 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,7 @@ NEWS
   * fix error message for T_CONFIG_ARRAY config values if an entry value is not a string
   * fix segfaults in many plugins if they failed configuration
   * escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp)
+  * fix hex escape in accesslog (fixes #2559)
 
 - 1.4.35 - 2014-03-12
   * [network/ssl] fix build error if TLSEXT is disabled
diff --git a/src/mod_accesslog.c b/src/mod_accesslog.c
index f5be7d2f..17c5412c 100644
--- a/src/mod_accesslog.c
+++ b/src/mod_accesslog.c
@@ -169,7 +169,7 @@ static void accesslog_append_escaped(buffer *dest, buffer *str) {
 	buffer_string_prepare_append(dest, buffer_string_length(str));
 
 	for (ptr = start = str->ptr, end = str->ptr + buffer_string_length(str); ptr < end; ptr++) {
-		char const c = *ptr;
+		unsigned char const c = (unsigned char) *ptr;
 		if (c >= ' ' && c <= '~' && c != '"' && c != '\\') {
 			/* nothing to change, add later as one block */
 		} else {