Web Application Firewall Protection for Metaswitch EAS

This document is a technical report detailing the custom Web Application Firewall (WAF) solution developed by Loadbalancer.org for Metaswitch EAS deployments. It outlines the specific protection rules implemented to safeguard Metaswitch SIP provisioning services, including legacy services. The report describes how the WAF mitigates brute-force provisioning attacks through client connection tracking and IP address blocking. It also provides an explicit defense against Log4j vulnerabilities. The document lists five tailored WAF rules designed to enhance security for the Metaswitch CommPortal login page, including denial-of-service protection and defenses against brute-force attacks. Additionally, it discusses the importance of having a WAF for web applications exposed to the public internet, emphasizing its role in inspecting web traffic and rejecting malicious requests. The report concludes with prerequisites for deploying the WAF and mentions ongoing support and training provided by Loadbalancer.org.