On one site I have a simple login form with a few protected pages in the Web (web) context. If someone (not signed-in) tries to access one of the protected pages without first signing-in they are automatically redirected to the login form as I would expect. They do not get a 404.
But on a different site I have another login form, this time in a different context Test (test). When someone (not signed-in) tries to access a protected page they are not redirected to the login page but instead get a 404. I'm not necessarily saying the different contexts are the reason but I have no idea what's causing it.
Can anyone shed some light?
First, make sure the anonymous user group has a Context Access ACL entry giving them access to the Context of the Login page.
If the login page is in a different context than the protected page, check the allow_forward_across_contexts System Setting