Block traffic from a specific Hosting Provider in Azure Front Door

Hello Adam

You can block traffic from a specific hosting provider in Azure Front Door Premium by using WAF. In Azure Front Door, WAF rules allow you to block requests based on criteria such as source IP address. You can also block traffic from specific regions with geo-filtering, and use default rules or bot protection as needed. Below are the types of rules:

Custom rule Geo-filtering IP restriction

Azure Front Door relies on WAF policies to set these rules. Within a WAF policy, you can create custom rules to match and block certain IP addresses by setting the action to Block and using RemoteAddr as the match variable. Additionally, if you want to block any specific request URI, you can do so by creating a custom rule.

Be sure to link your WAF policy to the Azure Front Door endpoint. After deployment, test to confirm that requests from the specified IP addresses are blocked.

What's the best way to implement this? Is it possible to use the ASN of the hosting provider?

Blocking with ASN is not possible when using the Azure front Door WAF.

Check the public document for more understanding:

https://learn.microsoft.com/en-us/azure/frontdoor/web-application-firewall

Check the custom rule public document: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-custom-rules?toc=%2Fazure%2Ffrontdoor%2Ftoc.json

Refer the below document about Geo-filtering: https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-geo-filtering?toc=%2Fazure%2Ffrontdoor%2Ftoc.json

Hope the above answer helps! Please let us know do you have any further queries.

Please do not forget to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.