Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
- OPNWAF-2.2 is used as reverse proxy to protect an Exchange Server SE with standard setting and extended protection enabled.
- OWA works except PDF attachment preview, but
- Outlook LTSC Profession Plus 2024 access via MAPI/HTTPS suffers from unacceptable regular authentication popups similar to what has been described at https://forum.opnsense.org/index.php?topic=50001.30.
- Our setup is in line with https://docs.opnsense.org/vendor/deciso/opnwaf.html#exchange-server having “mpm-prefork” enabled.
To Reproduce
Steps to reproduce the behavior:
- Open Outlook LTSC Profession Plus 2024 and access Exchange Server SE via MAPI/HTTPS,
- Authenticate, and
- After a short while, new authentication requests will pop up.
Expected behavior
No new authentication requests to pop up on a regular basis.
Environment
BE OPNsense 26.4
os-OPNWAF-2.2
Intel(R) Core(TM) Ultra 5 245K (4185.60-MHz K8-class CPU)
Proposed solution
The following works in our environment, but may have unintended and yet undetected collateral effects - to be checked:
*** /usr/local/opnsense/service/templates/OPNsense/Apache/httpd.conf.ori Tue Apr 14 11:23:51 2026
--- /usr/local/opnsense/service/templates/OPNsense/Apache/httpd.conf Thu Apr 23 16:41:00 2026
***************
*** 141,146 ****
--- 141,148 ----
MaxRequestWorkers 300
MaxConnectionsPerChild 1
KeepAlive On
+ MaxKeepAliveRequests 0
+ KeepAliveTimeout 5
{% endif %}
{% if not helpers.empty('OPNsense.Apache.general.enableWebprotection') %}
plus removing ‘Header always set X-Frame-Options SAMEORIGIN’ in /usr/local/opnsense/service/templates/OPNsense/Apache/includes/ExchangeHttps as it breaks the PDF preview in OWA in Edge, Chrome and FF.
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
To Reproduce
Steps to reproduce the behavior:
Expected behavior
No new authentication requests to pop up on a regular basis.
Environment
BE OPNsense 26.4
os-OPNWAF-2.2
Intel(R) Core(TM) Ultra 5 245K (4185.60-MHz K8-class CPU)
Proposed solution
The following works in our environment, but may have unintended and yet undetected collateral effects - to be checked:
plus removing ‘Header always set X-Frame-Options SAMEORIGIN’ in /usr/local/opnsense/service/templates/OPNsense/Apache/includes/ExchangeHttps as it breaks the PDF preview in OWA in Edge, Chrome and FF.