Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe.
We are using OPNsense with the OPNWAF module to publish an ADFS (MS-SAML 2.0) server.
Since ADFS relies on very large HTTP header lines by design, we are running into issues with the default WAF limits.
(By design, ADFS stores the entire SAML request across multiple cookies such as MSISSamlRequest, MSISSamlRequest1, MSISSamlRequest2)
Clients are receiving the following error message:
Request Header Fields Too Large - The server refused this request because the request header fields are too large.
Currently, there is no way to adjust these limits from within the GUI.
Describe the solution you'd like
I would like to have input fields in the OPNWAF Web GUI settings to configure the Apache parameters LimitRequestFieldSize and LimitRequestLine. Ideally, these limit parameters could be set per vhost or globally for all vhosts (server config).
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe.
We are using OPNsense with the OPNWAF module to publish an ADFS (MS-SAML 2.0) server.
Since ADFS relies on very large HTTP header lines by design, we are running into issues with the default WAF limits.
(By design, ADFS stores the entire SAML request across multiple cookies such as MSISSamlRequest, MSISSamlRequest1, MSISSamlRequest2)
Clients are receiving the following error message:
Request Header Fields Too Large - The server refused this request because the request header fields are too large.
Currently, there is no way to adjust these limits from within the GUI.
Describe the solution you'd like
I would like to have input fields in the OPNWAF Web GUI settings to configure the Apache parameters LimitRequestFieldSize and LimitRequestLine. Ideally, these limit parameters could be set per vhost or globally for all vhosts (server config).