question

Soeb-1375 avatar image
0 Votes"
Soeb-1375 asked emadadel2008 answered

Block certain URLs/domains/hostnames on WAF

Hi,

We have a WAF policy configured for our Application Gateway that sits in front of the website/server.

The requirement from the client is to block certain hostnames/domains from accessing their website/server.

Although it is possible to create custom rules to block IPs on the WAF policy (fyi...we are using WAF v2), I cannot see an option to blacklist hostnames/domains.

So for instance, the client website www.xyz.com is protected by Azure WAF and they want any request coming from abc.com to be blocked (so this needs to happen based on domain names and not IP address).

Any suggestion on how this can be achieved maybe based on headers for example.

Thanks

azure-application-gatewayazure-web-application-firewall
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Sam-Cogan avatar image
0 Votes"
Sam-Cogan answered

Requests do not come from domain names, they come from IP's. There is no way to link a request IP back to a domain name that would allow this to work.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

emadadel2008 avatar image
0 Votes"
emadadel2008 answered

if we need to Block www.xyz.com\about.php , what can we do ??

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.