How to block a specific url in Application Gateway

Question

How to block a specific url in Application Gateway

Rakesh Sharma 61

Hi Team,

I have app gateway setup and its working smoothly : https://example.com

But there is a request from client that i need to block a following site.

https://example.com/ideas.txt

How can i achieve this on application gateway?

VasimTamboli 5,215 Reputation points

2023-06-02T15:22:55.89+00:00

Open the Azure portal and navigate to your Application Gateway resource.

In the Application Gateway blade, click on "Listeners" in the left-hand menu.

Select the listener associated with your HTTPS listener and click on "Rules" in the listener's blade.

Click on the "+" button to add a new rule.

In the "Add rule" blade, provide a name for the rule.

Under "Matching Target," select "URL Path-based routing."

In the "URL path-based routing" section, click on "Add" to add a new route.

In the "Path" field, enter "/ideas.txt" to specify the URL that you want to block.

In the "Action" dropdown, select "Block."

Click "Add" to add the route.

Click "Add" to add the rule.

Save the changes to the Application Gateway.

After following these steps, any requests to the specified URL ("/ideas.txt") will be blocked by the Application Gateway, returning an appropriate error response to the client.

Please note that the specific steps and options may vary slightly depending on the Azure portal version and the Application Gateway SKU you are using. Make sure to review the documentation for detailed instructions based on your specific environment.
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-06-06T17:33:16.2833333+00:00

@Rakesh Sharma

May I know if you got a chance to review my previous comment?

Please let me know if you are facing any challenges or if there are any follow-up questions, I shall be glad to address them.

Thanks,

Kapil
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-06-07T04:29:41.0433333+00:00

@Rakesh Sharma

We noticed your recent experience on the Q&A community platform for this thread was rated as "Not Helpful" for a community member's answer

We are eager to know how we can evolve your experience to a 5* star rating.

Your candid feedback is very important to us.

Please update us if the action plan provided was helpful?

Should there be any follow-up questions or concerns, we shall be happy to address them and drive this to resolution.

Awaiting your response

Thanks,

Kapil
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-06-08T07:24:10.7933333+00:00

@Rakesh Sharma

Can you please update us if the action plan provided was helpful?

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.

Thanks,

Kapil

1 answer

Your answer

VasimTamboli 5,215 Reputation points

2023-06-02T15:22:55.89+00:00

Open the Azure portal and navigate to your Application Gateway resource.

In the Application Gateway blade, click on "Listeners" in the left-hand menu.

Select the listener associated with your HTTPS listener and click on "Rules" in the listener's blade.

Click on the "+" button to add a new rule.

In the "Add rule" blade, provide a name for the rule.

Under "Matching Target," select "URL Path-based routing."

In the "URL path-based routing" section, click on "Add" to add a new route.

In the "Path" field, enter "/ideas.txt" to specify the URL that you want to block.

In the "Action" dropdown, select "Block."

Click "Add" to add the route.

Click "Add" to add the rule.

Save the changes to the Application Gateway.

After following these steps, any requests to the specified URL ("/ideas.txt") will be blocked by the Application Gateway, returning an appropriate error response to the client.

Please note that the specific steps and options may vary slightly depending on the Azure portal version and the Application Gateway SKU you are using. Make sure to review the documentation for detailed instructions based on your specific environment.
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-06-06T17:33:16.2833333+00:00

@Rakesh Sharma

May I know if you got a chance to review my previous comment?

Please let me know if you are facing any challenges or if there are any follow-up questions, I shall be glad to address them.

Thanks,

Kapil
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-06-07T04:29:41.0433333+00:00

@Rakesh Sharma

We noticed your recent experience on the Q&A community platform for this thread was rated as "Not Helpful" for a community member's answer

We are eager to know how we can evolve your experience to a 5* star rating.

Your candid feedback is very important to us.

Please update us if the action plan provided was helpful?

Should there be any follow-up questions or concerns, we shall be happy to address them and drive this to resolution.

Awaiting your response

Thanks,

Kapil
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2023-06-08T07:24:10.7933333+00:00

@Rakesh Sharma

Can you please update us if the action plan provided was helpful?

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.

Thanks,

Kapil

Answer 1

@Rakesh Sharma

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to block users from accessing a page in your site, constoso.com/test.txt

For the context, we can consider your site as www.contoso.com.

I can think of two methods to prevent users from accessing www.contoso.com/test.txt

Method1 : Using URL Rewrite

This method will not block the requests to www.contoso.com/test.txt , but instead will route all requests to www.contoso.com.
This is as good as restricting access to this particular page and also have a fallback to home page in case users access www.contoso.com/test.txt by mistake
Refer:
- Rewrite URL with Azure Application Gateway - How to
- Rewrite HTTP headers and URL with Application Gateway - Pattern Matching and Server variables
One added advantage here is that you can do this with regular SKU and does not require a WAF SKU

Method2 : Use a Custom Rule

This is straight forward.
You use a custom Rule in Azure WAF to create a DENY rule
Refer
- Custom rules for Web Application Firewall v2 on Azure Application Gateway
- You should use RequestUri as Match Variable and specify it as /test.txt

It must be noted that WAF rules are used to DENY/ALLOW Request based on client properties generally

In case you have a page /test.txt and you do not want users to access this, it is recommended that you must remove this from your site.

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please l

Share via

How to block a specific url in Application Gateway

1 answer

Your answer