This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 28.999999999999996%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hi,
We have a WAF policy configured for our Application Gateway that sits in front of the website/server.
The requirement from the client is to block certain hostnames/domains from accessing their website/server.
Although it is possible to create custom rules to block IPs on the WAF policy (fyi...we are using WAF v2), I cannot see an option to blacklist hostnames/domains.
So for instance, the client website www.xyz.com is protected by Azure WAF and they want any request coming from abc.com to be blocked (so this needs to happen based on domain names and not IP address).
Any suggestion on how this can be achieved maybe based on headers for example.
Thanks
Requests do not come from domain names, they come from IP's. There is no way to link a request IP back to a domain name that would allow this to work.
if we need to Block www.xyz.com\about.php , what can we do ??