I have kept fiddling around, but found it could not be in the Firewall settings of the Appliance.
Because the 403 page Access Denied was from the proxy server.
Then I tried googling the 403 in combination with AJP.
I tried manipulating the conf file and have come up with a version that works :
<Location /filr>
Options +FollowSymLinks
RewriteEngine On
RewriteRule (.*) https://%{HTTP_HOST}/ssf/a [QSA,R]
Order allow,deny
Allow from all
</Location>

<Location /ssf>
Order allow,deny
Allow from all
RewriteEngine On
Rewritecond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}/%{REQUEST_URI} [QSA,R]
ProxyPass ajp://192.168.168.13:8009/ssf
ProxyPassReverse ajp://192.168.168.13:8009/ssf
</Location>


So with adding allow,deny it works !
BUT is this ok ? Or am I leaving my system doors wide open ?
I have also seen versions with allow from localhost