Hi,
We have a WAF policy configured for our Application Gateway that sits in front of the website/server.
The requirement from the client is to block certain hostnames/domains from accessing their website/server.
Although it is possible to create custom rules to block IPs on the WAF policy (fyi...we are using WAF v2), I cannot see an option to blacklist hostnames/domains.
So for instance, the client website www.xyz.com is protected by Azure WAF and they want any request coming from abc.com to be blocked (so this needs to happen based on domain names and not IP address).
Any suggestion on how this can be achieved maybe based on headers for example.
Thanks