Azure Application Gateway - Allow-listing outside IPs

Time:09-29

I have an Azure Application Gateway (WAF V2) on which I have configured the 2 sites below through Listeners and Rules.

  1. public.xyz.com
  2. restricted.xyz.com

The first domain should be accessible to the public, with no restriction. But the 2nd one should be accessible only to specific client IP addresses.

What is the best way to achieve this?

CodePudding user response:

You will not be able to restrict traffic by client IP, as the backend doesn't see the IP. You can only restrict client traffic by using an NSG.

CodePudding user response:

The URL you want to allow public access to shouldn't require any changes. Restricting access to the other can be done by adding a WAF policy and setting up two custom rules.

  1. Follow the enter image description here
  2. Add another rule in the custom rules section to deny traffic to that host header value. Make sure the priority on this is lower than the previous rule. The whitelisted IPs will be granted access on the previous rule and all other requests will fall through and be blocked by this rule. Once you add both rules, make sure to hit Save on the Custom Rules section to apply them; I always forget to do that.
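
The two custom rules described in the answer above, as an added example that is not part of the original post and is not Azure's code. The rules use the field names of the WAF policy `customRules` array, the evaluator is a simplified model of first-match evaluation by ascending priority number, and the rule names and IP addresses are constructed (documentation ranges).

```python
import ipaddress

# Constructed rules using the field names of the WAF policy "customRules" array.
# 203.0.113.0/24 is a documentation range standing in for the permitted client IPs.
HOST = {"matchVariables": [{"variableName": "RequestHeaders", "selector": "Host"}],
        "operator": "Equal", "transforms": ["Lowercase"],
        "matchValues": ["restricted.xyz.com"]}
CUSTOM_RULES = [
    {"name": "DenyRestrictedHost", "priority": 20, "ruleType": "MatchRule",
     "action": "Block", "matchConditions": [HOST]},
    {"name": "AllowListedClients", "priority": 10, "ruleType": "MatchRule",
     "action": "Allow", "matchConditions": [
         HOST,
         {"matchVariables": [{"variableName": "RemoteAddr"}],
          "operator": "IPMatch", "matchValues": ["203.0.113.0/24"]}]},
]

def _condition_matches(cond, request):
    """Evaluate one match condition against a request dict (simplified model)."""
    var = cond["matchVariables"][0]
    if var["variableName"] == "RemoteAddr" and cond["operator"] == "IPMatch":
        addr = ipaddress.ip_address(request["remote_addr"])
        return any(addr in ipaddress.ip_network(v) for v in cond["matchValues"])
    if var["variableName"] == "RequestHeaders" and cond["operator"] == "Equal":
        value = request["headers"].get(var["selector"], "")
        if "Lowercase" in cond.get("transforms", []):
            value = value.lower()
        return value in cond["matchValues"]
    raise ValueError("operator not covered by this model")

def evaluate(request, rules=CUSTOM_RULES):
    """Return (action, rule name) of the first matching rule, lowest priority number first."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        # All conditions in one rule must match (logical AND).
        if all(_condition_matches(c, request) for c in rule["matchConditions"]):
            return rule["action"], rule["name"]
    # No custom rule matched: the request continues to the rest of the WAF policy.
    return "NoMatch", None

def req(host, ip):
    """Build a constructed sample request."""
    return {"headers": {"Host": host}, "remote_addr": ip}

if __name__ == "__main__":
    for host, ip in [("restricted.xyz.com", "203.0.113.25"),
                     ("restricted.xyz.com", "198.51.100.7"),
                     ("public.xyz.com", "198.51.100.7")]:
        print(host, ip, evaluate(req(host, ip)))
```

In Application Gateway custom rules a smaller priority number is evaluated first, so the allow rule needs the smaller number and the deny rule the larger one. A request matched by an Allow rule is not evaluated by any later rule.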