IIS Security Issue - Ability to view encrypted ViewState data


andyll - 7:03 am on Sep 24, 2010 (gmt 0)



Don't return a 200 for a status. Return a 500, with a customized error page. RTFA.


Scott Guthrie's workaround... which is in the advisory... returns a 200.

<customErrors/> by default returns a 200 (or 302 200 if redirect is used).

As long as all error conditions return the same code it's fine.

Since this is a short-term workaround (I hope), I personally decided not to send an error condition ever.
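
The point in the post above, that every error condition must look the same to the client, shown as an added web.config illustration (not part of the post and not copied from the advisory). The two fragments are alternatives, and the page paths are placeholders.

```xml
<!-- Added example. Fragment A and Fragment B are alternatives for the
     <system.web> section; use one, never both. Paths are placeholders. -->

<!-- Fragment A (distinguishable): each failure type gets its own page,
     so the response tells the client which kind of error occurred. -->
<customErrors mode="On" defaultRedirect="~/errors/generic.html">
  <error statusCode="404" redirect="~/errors/notfound.html" />
  <error statusCode="500" redirect="~/errors/server.html" />
</customErrors>

<!-- Fragment B (uniform): no per-status <error> children, so every
     error condition ends at the same page. With the default redirect
     behaviour the client sees a 302 followed by a 200 for that page. -->
<customErrors mode="On" defaultRedirect="~/errors/generic.html" />

<!-- Fragment B, variant for .NET 3.5 SP1 and 4.0: redirectMode
     "ResponseRewrite" serves the same page in place, without the 302. -->
<customErrors mode="On"
              redirectMode="ResponseRewrite"
              defaultRedirect="~/errors/generic.aspx" />
```

mode="Off" disables the custom page entirely, so the setting only helps with mode="On" or mode="RemoteOnly".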


Thread source: http://www.webmasterworld.com/microsoft_asp_net/4204261.htm