Let me check with our lead, this one was raise by VAPT findings.

Hello Daniel, 
to answer your question, the base url in the image is also the link we use for Outsystems Service Studio, and where we accessing the environment.

But it cannot be a valid URL, no OutSystems URL ends with .php

In addition to Daniel's answer, Service Studio is a Windows (or Mac) application, it cannot be started via the browser.

I think I understand the issue, if you request any page including .PHP from an OutSystems environment you will get the 403 forbidden (404 for personal environments). 

I think this is because the OutSystems is set to deny any PHP requests in the AWS LoadBalancers. So my guess is this can't be changed. 

What do you mean by "requesting [a] page (...) from an OutSystems environment"?

{sub domain}.outsystemsenterprise.com/Discovery/Dummy.php

When I check this URL in our enterprise environment I get a 403 exactly like the screenshot.

My guess is OutSystems uses AWS Web Application Firewall, to deny any PHP requests

Right, that could be the case, thx.

I am having this warning that the configuration is invalid

Hi,

This is not gonna work, because the error is implemented on the Firewall level and not on the application level, so there is no manipulation possible by developers, only by OutSystems, because in cloud environments you can't access the Firewall and Loadbalancers