Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,074 questions
How to block all geographic region and only allow specific regions to reach my Azure APIM ?
EnterpriseArchitect
5,316
Reputation points
I have deployed multiple API Management Services (APIM) in my Azure Subscriptions. According to Application Insight, this APIM is hit or maybe attacked by a few thousand requests from around the world daily which my company and product do not have business with.
How can I block or allow API requests based on a specific region instead of the IP address?
- As described in https://video2.skills-academy.com/en-us/azure/web-application-firewall/ag/geomatch-custom-rules#countryregion-codes and https://video2.skills-academy.com/en-us/azure/architecture/web-apps/api-management/architectures/protect-apis
Do I have to deploy Azure WAF or Web Application Gateway before the APIM to block or allow specific requests based on Geographic locations?
Any help would be greatly appreciated.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
JananiRamesh-MSFT 26,546 Reputation points2024-09-04T05:14:45.53+00:00 @EnterpriseArchitect Thanks for reaching out. Deploying Azure ADF WAF or Application Gateway before your APIM is a recommended approach to block or allow specific requests based on geographic locations. This setup provides an additional layer of security and helps manage traffic more effectively.
When you deploy WAF or Application Gateway before your APIM, you can configure it to handle incoming requests and apply the necessary filtering rules. This setup ensures that only requests from allowed regions are forwarded to your APIM, which can help reduce the number of unwanted requests and improve the overall performance of your API.
Please let me know if you have any further questions.
-
EnterpriseArchitect 5,316 Reputation points
2024-09-04T05:26:19.1633333+00:00 @JananiRamesh-MSFT ,
OK, so how and where do I specify to allow only specific regions or countries? and which one should I deploy, Azure WAF or Application Gateway? -
JananiRamesh-MSFT 26,546 Reputation points
2024-09-04T06:32:09.63+00:00 @EnterpriseArchitect Thanks for getting back, please refer to this: Use Azure WAF geomatch custom rules to enhance network security | Microsoft Learn this applies to both AFD WAF and AppGW WAF for global you can go with AFD WAF.do let me know incase of further queries, I would be happy to assist you.
-
JananiRamesh-MSFT 26,546 Reputation points
2024-09-10T06:20:08.6966667+00:00 @EnterpriseArchitect did you get a chance to see my previous response do let me know incase of further queries, I would be happy to assist you.
Sign in to comment
Sign in to answer