diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
index f9a256b62..cc6847621 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -21,6 +21,7 @@
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
+import org.springframework.security.web.firewall.DefaultHttpFirewall;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -55,6 +56,11 @@ public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
 return firewall;
 }
 
+ @Bean
+ public HttpFirewall defaultFirewall() {
+ return new DefaultHttpFirewall();
+ }
+
 @Bean
 @Profile("!no-auth")
 public WebSecurityConfigurerAdapter defaultAuth() {
@@ -142,7 +148,8 @@ protected void configure(HttpSecurity http) throws Exception {
 @Override
 public void configure(WebSecurity web) throws Exception {
 super.configure(web);
- web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
+ //Switch to the default firewall
+ web.httpFirewall(defaultFirewall());
 }
 };
 }
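Review bot: The new `defaultFirewall()` bean in the `@@ -55,6 +56,11 @@` hunk is added next to `allowUrlEncodedSlashHttpFirewall()` rather than replacing it, so the context may now hold two `HttpFirewall` beans (assuming the existing method is also a `@Bean`; its annotation lies outside the hunk). Any lookup of `HttpFirewall` by type then becomes ambiguous, and a reader cannot tell which firewall is in force without finding the `web.httpFirewall(...)` call. Either remove the now-unused strict bean or make the new method a plain private factory. A Javadoc line would also help, such as `/** Less strict than StrictHttpFirewall; used because <reason>. */`, with the reason filled in by the author.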
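Review bot: In the `configure(WebSecurity web)` hunk, `web.httpFirewall(defaultFirewall())` swaps the previous firewall, apparently a `StrictHttpFirewall` given the helper's name and the existing import, for `DefaultHttpFirewall`. Spring Security's own Javadoc recommends `StrictHttpFirewall` instead, because it rejects suspicious URLs rather than trying to sanitize them. This is the authenticated (`!no-auth`) configuration, so the path-based authorization rules now sit behind weaker request validation. The comment `//Switch to the default firewall` only restates the code; it should record which request was being rejected and why the looser firewall is acceptable. If a single check was the problem, keeping the strict firewall and relaxing only that setting would be narrower, for example `firewall.setAllowSemicolon(true);` if semicolons were the cause, which the diff does not show. The enclosing anonymous adapter class starts outside the hunk.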