For all Authorization Method types of Results Authorization, it is assumed a protocol-level denial will be issued when the Search Appliance accesses URL(s) that a user does not have access too. E.g. for HTTP URLs, a 401 Unauthorized message should be issued.
However, some servers may only issue a human-readable denial message, but otherwise return an ok (e.g. HTTP 200) protocol message. For such results the Search Appliance will assume the user has access, and will erroneously return the result.
To remedy this, Unauthorized Result Query may be set to a query that will match only denied pages (e.g. "Access Denied"). The Field/Type box should be set to the query type (substring vs. REX) and field (raw HTML vs. formatted text) for the search. The Query field is set to the actual substring or REX query.
Note that this setting imposes an extra search load, as each search result must be verified with a full-page GET instead of a HEAD, as well as queried against. Thus, Unauthorized Result Query should only be set if absolutely necessary.