HTTP authentication failures actually use the failed login attempt logic for

throttling, logging, and blocking/filtering brute-force user/password hackers.
Failed HTTP digest authentication failures actually log the failure (including
the detailed reason for the failure).
But for some reason, I've only been able to get IE, FF and Chrome to use
BASIC authentication (not digest), so presumably there is a bug somewhere in
regards to support for digest auth.