see T229575
A Phabricator user is blocked because of his IP range and a security incident but he is served a 500 Internal Server Error.
That leads to ticket creation and debugging from some people what's wrong with Phab.
Let's send a status code that actually fits the real reason, 401 or 403 (Unauthorized / Forbidden) instead and avoid the 5xx ?