Hi @Andy Charalambous,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to use Proxy + WAF and restrict access only to certain IP addresses using custom Rules.
I believe this feature is supported with Azure Front Door WAF and not with App Gateway WAF.
With App Gateway custom rules,
- I see that only the RemoteAddr match variable is available
- Here, RemoteAddr refers to the IP from which the WAF sees requests
- In your case, this must be the proxy server's IP
- Refer: App Gateway custom rules
However, with AFD Custom Rules,
- I can see two match variables, RemoteAddr and SocketAddr
- Here, RemoteAddr is the original client IP that is usually sent via X-Forwarded-For request header.
- SocketAddr is the source IP address WAF sees
- Refer: Web Application Firewall for Azure Front Door
You can try going with AFD if you would like to use the WAF to filter using X-Forwarded-For client IPs.
I understand that the naming convention is different with AppGW and AFD.
I shall work internally with our product team and see if we can update the documents to explicitly mention this to avoid any confusion.
Please let me know if you have any queries on this, I shall be glad to address them.
Thanks,
Kapil
----------------------------------------------------------------------------------------------------------------
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
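The difference between the match variables described in the answer above, as an added example that is not part of the original answer and is not Azure code: a small Python model of a "block unless the IP is in the allowlist" custom rule on each platform. The IP addresses, the rule tuples, the helper names and the choice of the left-most X-Forwarded-For entry as the client IP are all assumptions of this sketch.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
PROXY_IP = "198.51.100.10"
ALLOWED_CLIENTS = ["203.0.113.0/24"]

# What each match variable resolves to, per the answer above:
# "peer" is the source IP the WAF sees, "xff" is the client IP from X-Forwarded-For.
MATCH_VARIABLES = {
    "appgw": {"RemoteAddr": "peer"},
    "afd": {"RemoteAddr": "xff", "SocketAddr": "peer"},
}

def resolve(platform, variable, peer_ip, xff_header):
    source = MATCH_VARIABLES[platform].get(variable)
    if source is None:
        raise ValueError(f"{variable} is not available on {platform}")
    if source == "peer" or not xff_header:
        return peer_ip
    # Assumption of this sketch: the left-most X-Forwarded-For entry is the client.
    return xff_header.split(",")[0].strip()

def in_ranges(address, cidrs):
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(cidr) for cidr in cidrs)

def decide(platform, block_rules, peer_ip, xff_header=None):
    """Return "Block" if any rule has all of its conditions matching, else "Allow"."""
    for conditions in block_rules:
        if all(in_ranges(resolve(platform, var, peer_ip, xff_header), cidrs) != negate
               for var, cidrs, negate in conditions):
            return "Block"
    return "Allow"

# Block when RemoteAddr is NOT in the allowlist (condition = variable, ranges, negate).
ALLOWLIST_RULE = [("RemoteAddr", ALLOWED_CLIENTS, True)]
# AFD only: also block when the connection does not come from the proxy itself,
# so the X-Forwarded-For value is only trusted when the proxy set it.
PROXY_ONLY_RULE = [("SocketAddr", [PROXY_IP + "/32"], True)]

if __name__ == "__main__":
    # Allowed client 203.0.113.7 arriving through the proxy.
    print("appgw:", decide("appgw", [ALLOWLIST_RULE], PROXY_IP, "203.0.113.7"))
    print("afd:  ", decide("afd", [ALLOWLIST_RULE, PROXY_ONLY_RULE], PROXY_IP, "203.0.113.7"))
```

In this model the same allowlist rule blocks the allowed client on App Gateway, because RemoteAddr there is the proxy's address, and allows it on Front Door.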