Did something change with NPM with regard to access lists at some point in the last year or two? I had a perfectly stable setup running since March 2020, however when I went to make some edits to a proxy this weekend I discovered the access list is no longer properly applied. I was doing simple HTTP auth using the access for one user without doing any type of IP allow/deny. Now, when I apply this list to a proxy, I get 403 forbidden regardless of what I do. When I look in the proxy_host config, I don't see any mention of basic_auth. Wiped things out and did a clean install with the same results and also tried the 'official' NPM but it has the same problem. In the end I just restored my old backup to get back up and running but this means I am no longer able to make changes without things breaking again.