Hi,
we are trying to run SonarQube behind a commercial Web Application Firewall (& reverse proxy) too, and have the same problem that the WAF is globally configured to accept no more than 2048 characters.
Our client doesn't want to increase the limit, since it's global and may have an unexpected performance/memory hit they can't take right now.
imho, a firewall/proxy/... should be capable of being as transparent as possible, not adding its own technical limitations to the services it's providing, especially when there is no specified upper length limit for an URL (even IE8 started to change its URL handling, allowing longer addresses,
more or less).
So yeah, SonarQube is doing nothing wrong (technically) , and still it won't work in some (many?) corporate environments, as Brian already mentioned.
To run SonarQube in as many (crappy) environments as possible, it would be great if you could try to follow this ancient "no longer URLs than 2000 characters" rule of thumb!
Regards,
Markus