I was using the 3.0 compatible version of the SecureFiles module. Once a folder in assets is marked as secure in the backend, the module adds a .htaccess file to the folder and sends any requests to that folder through main.php to detect member permissions. Everything was working fine on 3.0.4 with the following director rules:
There is a 3.1 compatible branch of secure files here, https://github.com/timsnadden/silverstripe-securefiles/tree/3.1 - however it suffers from the same issue as previously mentioned regarding the foldername being mistaken for an action.
1) What are the best ways to debug routing issues?
2) Is there any way in routes.yml or indeed the controller to wipe and previous routing rules and start afresh.