For all Authorization Method types of Results Authorization, it
is assumed a protocol-level denial will be issued when the Search Appliance
accesses URL(s) that a user does not have access too. E.g. for HTTP
URLs, a 401 Unauthorized message should be issued.
However, some servers may only issue a human-readable denial
message, but otherwise return an ok (e.g. HTTP 200) protocol
message. For such results the Search Appliance will assume the user has
access, and will erroneously return the result.
To remedy this, Unauthorized Result Query may be set to a
query that will match only denied pages (e.g. "Access Denied").
The Field/Type box should be set to the query type (substring
vs. REX) and field (raw HTML vs. formatted text) for the search. The
Query field is set to the actual substring or REX query.
Note that this setting imposes an extra search load, as each search
result must be verified with a full-page GET instead of a HEAD, as
well as queried against. Thus, Unauthorized Result Query should
only be set if absolutely necessary.