Give the gift of Drupal. All merchandise is 50% off through 2016.
We believe that commit 03d1a3e: Issue #1962458 by jeremyr - 403 for anonymous users on node/add causes redirects from HTTPS in the admin section and other important URLs (like node/*edit) due to an interaction with Session443, or a bug in the implementation of this commit.
Two days ago I upgraded from Barracuda BOA-2.0.8 to Barracuda BOA-2.0.9, and logged the output of this upgrade, this server is running Drupal 6 sites, the main one being https://www.transitionnetwork.org/
The site has the Session 443 plugin installed to ensure that all authenticated sessions use HTTPS.
Since the upgrade to BOA-2.0.9 all HTTPS requests to /admin* and /node/*/edit (amongst others) that use clean URLs get a 301 redirect to the front page of the site - see an example of this.
No other configuration changes were made to the server prior/since the BOA upgrade.
The issue was tracked down to an SSL-related problem as the problem mostly disappeared when that module was disabled - but session handling across the HTTP(S) contexts was not quite right.
Reverting said commit fixed the problem.