When attempting to login via a reverse proxy configuration, I'm getting an error in the log that indicates that the referrer isn't valid:
23.03.2016 10:13:27.127 *INFO* [qtp570383345-157] org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request to /crx/de/j_security_check : http://dev.publish.aem.my.domain.com/crx/de/index.jsp.
I'm assuming there is an allowed referrer configuration in a specific bundle that has to exist for the call to be allowed.
