[os-OPNWAF] Custom Error Documents Inaccessible – Permission Denied Error

[rushstone]

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guidelines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• The title contains the plugin to which this issue belongs

Describe the bug
In os-OPNWAF (OPNsense Business Version 25.10.2), custom error documents cannot be accessed due to a permission denied error. The error log shows that access to custom error documents is denied because search permissions are missing on the path.

The issue occurs because the uploaded custom error document directory (/usr/local/opnsense/data/OPNWAF/errors/[UUID]/) has incorrect permissions (drwxr-x---) compared to the default directory (drwxr-xr-x), preventing Apache from accessing the files.

To Reproduce
Steps to reproduce the behavior:

1. Go to os-OPNWAF → Error Documents
2. Download the default error documents
3. Edit the files and save them as a ZIP archive
4. Upload the modified ZIP file through the web interface
5. Test web protection "/?id=100 or 'x'='y'"

Relevant log files

[core\:error] (13)Permission denied: [client x.x.x.x:49609] AH00035: access to /__waf_errors__/403.html denied (filesystem path '/usr/local/opnsense/data/OPNWAF/errors/[UUID]/403.html') because search permissions are missing on a component of the path.

Workaround:
The issue can be resolved by manually setting the correct permissions:

chmod 755 /usr/local/opnsense/data/OPNWAF/errors/[UUID]/
chmod 644 /usr/local/opnsense/data/OPNWAF/errors/[UUID]/*

Environment

• OPNsense 25.10.2 (Business Edition)

[Monviech]

Thank you for filing the issues. We have fixed them. We also added a default virtual host configuration possibility to the GUI.

It will be released in the next major business edition update next month.