Don't always redirect if user isn't authenticated Only redirect a user if he is accessing the redirect url (FLYS.html by default). In other cases only send a 403 Forbidden to indicate that a user isn't allowed to access the url. Should improve flys/issue856 (Timeout in der Authentifizierung führt zu Fehlern)