diff --git a/server/server.go b/server/server.go
index a2579b2..a00cbe6 100755
--- a/server/server.go
+++ b/server/server.go
@@ -8,11 +8,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"gogs.inhome.blapointe.com/local/logb"
-	"gogs.inhome.blapointe.com/local/oauth2/oauth2client"
-	"gogs.inhome.blapointe.com/local/rproxy3/config"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage"
-	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
 	"log"
 	"net"
 	"net/http"
@@ -22,6 +17,12 @@ import (
 	"strings"
 	"time"
 
+	"gogs.inhome.blapointe.com/local/logb"
+	"gogs.inhome.blapointe.com/local/oauth2/oauth2client"
+	"gogs.inhome.blapointe.com/local/rproxy3/config"
+	"gogs.inhome.blapointe.com/local/rproxy3/storage"
+	"gogs.inhome.blapointe.com/local/rproxy3/storage/packable"
+
 	"github.com/google/uuid"
 	"golang.org/x/time/rate"
 )
@@ -211,7 +212,8 @@ func (s *Server) doBOAuthZ(foo http.HandlerFunc) http.HandlerFunc {
 		if ok {
 			usr, pwd, ok := r.BasicAuth()
 			if !ok || rusr != usr || rpwd != pwd {
-				w.WriteHeader(http.StatusUnauthorized)
+				w.Header().Set("WWW-Authenticate", "Basic")
+				w.WriteHeader(403)
 				log.Printf("denying proxy basic auth")
 				return
 			}
@@ -224,6 +226,7 @@ func (s *Server) doBOAuthZ(foo http.HandlerFunc) http.HandlerFunc {
 		if url, exists := config.GetBOAuthZ(); ok && exists {
 			err := oauth2client.Authenticate(url, key, w, r)
 			if err != nil {
+				log.Printf("failed proxy oauth2: %v", err)
 				return
 			}
 		}