diff --git a/hmdooris/BottleHelpers.py b/hmdooris/BottleHelpers.py index 45fc206..929d4d2 100644 --- a/hmdooris/BottleHelpers.py +++ b/hmdooris/BottleHelpers.py @@ -3,7 +3,7 @@ from typing import Callable, List from BottleOIDC import BottleOIDC from BottleOIDC.bottle_utils import UnauthorizedError -from bottle import request +from bottle import request, abort class BottleHelpers: @@ -29,8 +29,7 @@ class BottleHelpers: def _wrapper(*args, **kwargs): if self.auth.my_username is not None: return f(*args, **kwargs) - - return UnauthorizedError('Not Authorized') + abort(401, 'Not Authorized') _wrapper.__name__ = f.__name__ return _wrapper @@ -47,7 +46,7 @@ class BottleHelpers: for allowed in self.allowed: if addr.overlaps(allowed): return f(*args, **kwargs) - return UnauthorizedError('Not Authorized') + abort(401, 'Not Authorized') _wrapper.__name__ = f.__name__ return _wrapper diff --git a/hmdooris/__main__.py b/hmdooris/__main__.py index 0943206..d73d625 100644 --- a/hmdooris/__main__.py +++ b/hmdooris/__main__.py @@ -8,7 +8,7 @@ from typing import Callable from BottleOIDC import BottleOIDC from BottleOIDC.bottle_utils import UnauthorizedError from BottleSessions import BottleSessions -from bottle import route, run, Bottle, static_file, TEMPLATE_PATH, jinja2_view, post, get, request +from bottle import route, run, Bottle, static_file, TEMPLATE_PATH, jinja2_view, post, get, request, error from bottle_log import LoggingPlugin from bottle_websocket import websocket, GeventWebSocketServer from geventwebsocket.websocket import WebSocket @@ -55,8 +55,8 @@ def root(): return {} @app.get("/operate") -@bottle_helpers.require_login @bottle_helpers.require_sourceip +@bottle_helpers.require_login @jinja2_view("operate.html.j2") def root(): return {} 
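Review bot: In the `require_sourceip` wrapper the refusal is sent as `abort(401, 'Not Authorized')`, the same status the `require_login` hunk above it uses, although logging in cannot change the outcome for a disallowed address. `abort(403, 'Source address not allowed')` would describe it accurately and keep the two causes apart in logs, with a matching `@app.error(403)` handler for the page. How `addr` is built lies outside the hunk; if it comes from `request.remote_addr`, Bottle takes that value from `X-Forwarded-For` when the header is present, so the allowlist is only as reliable as the proxy that sets the header. With both `return UnauthorizedError(...)` lines removed, the `UnauthorizedError` import kept in the first hunk looks unused in this file.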
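Review bot: The swap of `@bottle_helpers.require_sourceip` and `@bottle_helpers.require_login` on `/operate` carries no comment, yet the order decides which check a request meets first. With `require_sourceip` now outermost, its wrapper runs before the login check, so a request from outside the allowed networks is refused before the session is consulted. A one-line comment above the decorators would keep a later edit from reversing this by accident: `# order matters: source-IP check runs before the login check`.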
@@ -88,5 +88,19 @@ def get_api_lock(id): def post_api_lock(id): return ccujack.lock_unlock(id, request.json["locking"]) +@app.error(401) +@jinja2_view("not_authorized.html.j2") +def not_authorized(error): + code, msg = error.args + return { + 'user': auth.my_username, + 'ip': request.remote_addr, + 'error': error, + 'code': code, + 'msg': msg, + } + +app.error_handler[401] = not_authorized + if __name__ == '__main__': app.run(host=config.listen_host, port=config.listen_port, server=GeventWebSocketServer, debug=config.debug, quiet=not config.debug) diff --git a/hmdooris/templates/not_authorized.html.j2 b/hmdooris/templates/not_authorized.html.j2 new file mode 100644 index 0000000..f81d318 --- /dev/null +++ b/hmdooris/templates/not_authorized.html.j2 @@ -0,0 +1,13 @@ + + + + HM Dooris - {{ msg }} + + + + +
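Review bot: In `not_authorized`, `code, msg = error.args` only works when the error was raised with exactly two positional arguments, as `abort(401, 'Not Authorized')` does. A 401 raised any other way makes the unpacking fail inside the error handler itself and turns the response into a 500. Reading the response attributes avoids that: `code, msg = error.status_code, error.body`. The trailing `app.error_handler[401] = not_authorized` appears to repeat what the `@app.error(401)` decorator already registers and could be dropped.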

HM Dooris - {{ msg }}

+

You are not authorized to lock or unlock.

+

user: {{ user }}, ip: {{ ip }}, error: {{ error }}, code: {{ code }}, msg: {{ msg }}

+ + \ No newline at end of file
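Review bot: The last line of the template body prints `user`, `ip`, `error`, `code` and `msg` to whoever receives the 401 page, which is diagnostic output that belongs in the server log rather than in the response. Whether `jinja2_view` renders with autoescaping enabled is not visible in this diff, and `ip` comes from `request.remote_addr`, which Bottle fills from `X-Forwarded-For` when that header is present, so client-influenced text may reach the page unescaped. Either remove the line, or keep only what a user needs and escape it explicitly, e.g. `{{ user|e }}`. `{{ error }}` renders the exception object's string form and adds nothing that `msg` does not already show.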