Add notifications for redirections with content about ratproxy HOT 5 OPEN

This isn't a defect, but I'm not sure how to change the "Type" to 
"Enhancement"...

Hmm, many servers return 30x messages with bodies to assist navigation in case
automatic redirection is not supported or fails, for example Apache does:

HTTP/1.1 301 Moved Permanently
...

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>301 Moved Permanently</TITLE>
</HEAD><BODY>
<H1>Moved Permanently</H1>
The document has moved <A HREF="...">here</A>.<P>
<HR>

We could still replay the request without cookies to see if the response 
changes, but
I'm curious as to how likely this would be?

[deleted comment]

Hi,

Thanks, sounds like we're on the same page :)  I was thinking about just 
checking to
make sure that authenticated content doesn't exist.

Some pages may be different per authenticated user.  For example, if User Role A
cannot see all the fields that User Role B sees, then this might be a change in
content.  What I would like to test for is to make sure that User Role A cannot
access the administration pages AND that if a user comes in uninvited, they 
also do
not get to see any pages.  I would also like to catch the response, ignoring 
the HTML
status code, to make sure that authenticated content is not replayed, and that 
the
programmer is not depending that just because a redirect has been issued that no
other page content will be sent.

We use the PHP code header('Location: loginpage.php'); to redirect our users 
who are
either not authenticated or in a timed-out session.  The applications I deal 
with
contain personal data, protected by legislation.  If someone forgets a "die();"
command, then the page may be able to serve some personal information.  Granted,
there are some cases where the above snippet is sent when a status code is 
sent, but
if there could be some way to determine that it's not just a generic message, I 
think
that would work :)

Some possible checks (perhaps some can be combined to prevent false negatives or
false positives):
-Content is above the maximum length, predefined in code or specified on 
command line
-Content contains form elements
-Content does not contain a list of words (such as "move*", "redirect*", etc.)

Thanks again!