Don't set the Status header - it is set automatically by the FastCGI code

and this manually set one conflicts with that and causes a 200 response
in rails 2.3.2 it seems.

app/controllers/application_controller.rb

@@ -45,7 +45,6 @@ class ApplicationController < ActionController::Base
     # handle authenticate pass/fail
     unless @user
       # no auth, the user does not exist or the password was wrong
-      response.headers["Status"] = "Unauthorized" 
       response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" 
       render :text => errormessage, :status => :unauthorized
       return false