Best practices for blocking anonymous IP traffic (Azure)

Conor 6 Reputation points
2022-06-11T19:33:56.043+00:00

Hi all. Could anyone tell me if there is a best practice for blocking traffic from VPNs or Anonymous proxies using Azure WAF?

I see that there are a number of services (eg. IP2Location, MaxMind, Queue-it, IPHub) that provide lists of these IPs, but I'm not sure about the best way to use these to block traffic from Azure. It seems that AWS has a managed list that is easy enough to block but I cannot see any Azure equivalent.

Any advice would be much appreciated.

Azure Web Application Firewall
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 49,591 Reputation points Microsoft Employee
    2022-06-13T17:35:24.3+00:00

    Hello @Conor ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know if there is an Azure equivalent of Anonymous IP List for AWS Managed Rules.

    The Azure WAF consumes Microsoft threat intelligence data feed to block malicious bot traffic as part of the Bot manager rule set. That data feed has information about TORs and anonymous proxies. You can enable a managed bot protection rule set for your WAF to block or log requests from known malicious IP addresses.
    Refer : https://video2.skills-academy.com/en-us/azure/web-application-firewall/ag/bot-protection-overview
    https://video2.skills-academy.com/en-us/azure/web-application-firewall/afds/waf-front-door-drs?tabs=drs20#bot-rules

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.