bugzilla webservice does bug.get require authentication?

I am using jsonrpc to access bugzilla webservice's bug.get feature, but it is returning:

Error: 403

Forbidden Content-Type: text/xml

No data.

I make an ajax call to my server, which then acts as a proxy and sends off a POST request to the bugzilla webservice (which is on a separate domain).

var obj={
    'method':'Bug.get',
    'params':{
        'id':bug_list
    },
    'id':bug_list
};
var message=$.toJSON(obj);

$.ajax({
    "contentType":"application/json",
    "data": message,
    "dataType": "json",
    "url": "bug_reply.cgi",
    "type": "post",
    error: function(d, ts, er){
        console.log("OH WOE! D: D: D: D: D: D: D: D: D:"+d+' '+ts+' '+er);
    },
    success: function(d, ts){
        console.log(d);
    }
});

cgi:

#! /usr/bin/perl

use strict;

use lib qw(.);
use CGI qw(:standard Vars);
use vars qw($cgi $template $vars);

use Bug;
use Bugzilla;
use Bugzilla::Search;
use JSON::XS;
use LWP::UserAgent;
use CGI qw(:standard);


# Include the Bugzilla CGI and general utility library.
require "CGI.pl";

my $ua = LWP::UserAgent->new;


my %form = Vars();
if($ENV{REQUEST_METHOD} eq "POST")
{
    my $URL='http://bugs1.eng.proofpoint.com/bugzilla-3.6.4/jsonrpc.cgi';

    my $q = new CGI;
    #my $query =
    my $data=$form{'POSTDATA'};

    my $req=HTTP::Request->new(POST=>$URL);
    $req->content_type('application/x-www-form-urlencoded');
    $req->content($data);

    my $ua = LWP::UserAgent->new;
    my $res = $ua->request($req);

    if ($res->is_success) {
        printf "Content-Type: %s\n\n", $res->header('Content-Type');
        print $res->content;
    } 
    else {
        printf "Content-Type: text/plain\n\n";
        print "Error: " . $res->status_line . "\n";
    }

    print $cgi->h开发者_高级运维eader(-type => 'text/xml');
    print $res->decoded_content;
}

I just used curl instead and it worked.