Hi All,
There seems to be something odd with the proxying of error responses back to the browser.
The simplest example is when logging into our Reverse Proxied Web Application, if you deliberately enter an incorrect password, the browser receives an HTTP 403 Forbidden response, however the web application actually returns an HTTP 401 Unauthorized response.
As such, the payload with this response is not returned to the browser and the application does not display the correct error message.
Can anyone advise if the proxy may be intercepting the 401 response and replacing it with a 403 response?
Thanks!