que tal pegar o cabeçalho 401:
location @checkauth {
auth_basic "Restricted";
auth_basic_user_file htpasswd;
}
location / {
if ($http_authorization = "") {
#return custom code
error_page 490 = @checkauth;
return 490;
}
auth_basic "Restricted";
auth_basic_user_file htpasswd;
error_page 401 = @rewrite;
}