In a black_list specification. It is further configured to "reply" and return "code" 403
via Curl ../System/Maintenance causes 403 to be returned. (perfect)
BUT any case deviation like
Curl ../system/maintenance OR even /System/MainTenance fly right through returning 200
Surely the path aren't supposed to be case sensitive. What am I missing?