opnsense / plugins

OPNsense plugin collection
https://opnsense.org/
BSD 2-Clause "Simplified" License

os-OPNWAF: subfolders can't be opened to the public / HOST header not (optionally) forwarded to backend and LogLevel not changeable #4064

Closed Reiner030 closed 3 months ago

Reiner030 commented 3 months ago


Describe the bug

  1. LogLevel not changeable to get diagnostics on failures
  2. ProxyPreserveHost cannot be enabled to get backend server SNI-based vhosts (basically functionality that has existed for ages, since HTTP/1.1 !!!) (e.g. backend server holds https://services.company.com, https://wiki.company.com, https://selfdesk.company.com on regular ports 80/443 by SNI)
  3. Subfolders cannot be opened to the public while the main/parent path is forbidden (e.g. https://services.company.com forbidden and https://services.company.com/ticketsystem/ open)

Since there is no public repository, here is the suggested working diff. Feel free to adapt it to your coding style; there are also "voltage" changes needed that I haven't yet heard about... And since there is no public repository, I also cannot use opnsense-patch for this task.

root@OPNsense:~ # diff -u /usr/local/opnsense/service/templates/OPNsense/Apache/gateway_vhosts.conf.orig_Reiner030 /usr/local/opnsense/service/templates/OPNsense/Apache/gateway_vhosts.conf
--- /usr/local/opnsense/service/templates/OPNsense/Apache/gateway_vhosts.conf.orig_Reiner030    2024-06-19 12:07:52.000000000 +0200
+++ /usr/local/opnsense/service/templates/OPNsense/Apache/gateway_vhosts.conf   2024-06-27 19:02:23.343907000 +0200
@@ -39,7 +39,7 @@
     Options -FollowSymLinks
     Options -Indexes
     Options -ExecCGI
-    LogLevel warn
+    LogLevel {% if virtualserver.props.LogLevel|default('Warn') == 'Debug'%}Debug{% else %}Warn{% endif %}
     ProxyRequests Off
     SSLProxyEngine On
     SSLProxyCheckPeerName {% if virtualserver.props.SSLProxyCheckPeerName|default('1') == '1'%}On{% else %}Off{% endif %}
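Review bot: the new `LogLevel` line compares the raw property to `'Debug'` and can only emit two outcomes, so any other level a user might configure (`info`, `error`, `trace1`) silently falls back to `Warn`; suggest rendering the validated model value directly, e.g. `LogLevel {{ virtualserver.props.LogLevel|default('warn') }}`, with the model restricting it to the Apache level names, and keeping the lowercase spelling of the existing `LogLevel warn` line. Since this applies to the whole gateway virtual server, the UI help text should say that debug is far more verbose and should be switched back after diagnosing.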
@@ -106,6 +106,10 @@
             Require ip {{address}}
 {%              endfor %}
         </RequireAny>
+{%          else %}
+        <RequireAny>
+            Require all granted
+        </RequireAny>
 {%          endif %}

 {%      if location.PassTLSHeaders|default("") != "" %}
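Review bot: the added `{% else %}` branch (its matching `{% if %}` sits above this hunk) renders `Require all granted` for every location that has no IP list, which on upgrade silently changes the access default of existing locations from whatever the enclosing virtual host enforces to fully open. Opening a path should be an explicit choice: either keep requiring the user to add the allow-all entry (`0.0.0.0/0`, `::/0`) to that location's ACL, or add a dedicated per-location property that must be set before this branch is rendered.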
@@ -115,7 +119,7 @@
 {%          endfor %}
 {%      endif %}

-        ProxyPreserveHost Off
+        ProxyPreserveHost {% if virtualserver.props.ProxyPreserveHost|default('1') == '1'%}On{% else %}Off{% endif %}
         ProxyPass "balancer://{{location['@uuid']}}/"
         ProxyPassReverse "balancer://{{location['@uuid']}}/"
     </Location>
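Review bot: `ProxyPreserveHost` now defaults to On (`default('1')`), so every existing gateway changes behaviour on upgrade: the client's `Host` header reaches the backend instead of the balancer member name, which alters which backend vhost answers and what the backend believes its own name is. Suggest `default('0')` to preserve the current `Off` and make it opt-in per virtual server; also note that the property lives on `virtualserver.props` but is rendered inside each `<Location>`, so it applies to all locations of that server, which the UI help text should state.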
AdSchellevis commented 3 months ago

1 and 2 I'll add to the plugin; if you want a test version, just drop an email to support at opnsense dot com.

3 you can accomplish by adding an allow-all policy (0.0.0.0/0, ::/0); opening all subdirectories automatically has an impact on others...
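An added example, not the plugin's generated gateway_vhosts.conf, of the hand-written Apache configuration that the three points in this thread amount to, opening the subfolder with an explicit allow-all policy as the maintainer suggests instead of changing the default. The hostnames, the `balancer://backend/` member and the `192.0.2.0/24` admin range are assumed placeholders.

```apache
# Added example (not the os-OPNWAF template): one reverse-proxy virtual
# host combining the three settings discussed in the issue. Hostnames,
# the balancer member and the admin network are assumed placeholders.
<VirtualHost *:443>
    ServerName services.company.com

    # Raised only while diagnosing a failure; debug is very verbose,
    # so set it back to warn afterwards
    LogLevel debug

    ProxyRequests Off
    SSLProxyEngine On
    # Left at the template default so the backend certificate is
    # still verified even though the backend serves several names
    SSLProxyCheckPeerName On

    <Proxy "balancer://backend/">
        BalancerMember "https://backend.internal:443"
    </Proxy>

    # Parent path: reachable from the admin network only
    <Location "/">
        <RequireAny>
            Require ip 192.0.2.0/24
        </RequireAny>
        # Forward the client's Host header so the backend selects its
        # services.company.com vhost instead of the backend.internal one
        ProxyPreserveHost On
        ProxyPass "balancer://backend/"
        ProxyPassReverse "balancer://backend/"
    </Location>

    # Subfolder opened to everyone by an explicit allow-all ACL
    # (0.0.0.0/0, ::/0); a later, more specific <Location> replaces
    # the parent's Require rules for this path only
    <Location "/ticketsystem/">
        <RequireAny>
            Require ip 0.0.0.0/0 ::/0
        </RequireAny>
        ProxyPreserveHost On
        ProxyPass "balancer://backend/ticketsystem/"
        ProxyPassReverse "balancer://backend/ticketsystem/"
    </Location>
</VirtualHost>
```

Every other path under `/` keeps the admin-only restriction; only `/ticketsystem/` carries the allow-all policy, which is the per-location opt-in the maintainer describes.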