Again answering my own Question software bug as below
httpao improperly caches 401 from URL's longer than 255 characters
CSCue25543
Symptom:
URL over 255 characters and WAE improperly caches in metadatacache and serves back to clients a 401 Authorization Required
Conditions:
httpao with accelerator http metadatacache unauthorized-response enabled. (default)
Workaround:
no accelerator http metadatacache unauthorized-response enable
or
a temp workaround is #clear cache http-metadatacache unauthorized-response
Symptom:
URL over 255 characters and WAE improperly caches in metadatacache and serves back to clients a 401 Authorization Required
Conditions:
httpao with accelerator http metadatacache unauthorized-response enabled. (default)
Workaround:
no accelerator http metadatacache unauthorized-response enable
or
a temp workaround is #clear cache http-metadatacache unauthorized-response
problem fixed in 5.1.1c