A mysterious problem surfaced where an Android app making POST requests to an XML api would receive HTTP 302 redirect responses instead of valid 200 responses. Using a web browser with a mobile user agent (admittedly I didn’t try the exact same Java one) worked just fine.
In the end I found that the new Mod Security OWASP module was screwing with my API. I am still not sure which rule I was setting off, but for now have disabled it on the affected API.
Thanks to the info found here: