An Azure service that provides protection for web apps.
I can see that you have created a custom WAF rule to block non-US traffic. However, the WAF is still blocking requests that appear to originate from US IP addresses.
Could you please verify in the WAF logs whether the requests are actually originating from the United States or from a different geographic location? This will help determine whether the geo-location rule is functioning as expected or whether another rule is causing the traffic to be blocked.
To check the logs, if Diagnostic Settings are not currently configured, you can enable them and send the logs to a Log Analytics Workspace. Once enabled, you can review the WAF logs to determine whether the requests are originating from the US or from another geographic location.
Check the client IP seen by Front Door using the KQL query below.

```kusto
// Front Door WAF logs land in the AzureDiagnostics table under this category.
// clientIP_s is the source address Front Door evaluated; ruleName_s and
// action_s show which rule fired and whether it blocked or allowed.
AzureDiagnostics
| where Category == "FrontDoorWebApplicationFirewallLog"
| project TimeGenerated, clientIP_s, ruleName_s, action_s
```
Take a blocked US IP and verify its geolocation using:
- ipinfo.io
- whatismyipaddress.com
- MaxMind GeoIP
Sometimes the IP is registered to another country even though the user is physically in the US.
If users are on a corporate VPN, Front Door evaluates the source IP that reaches Front Door, not the user's local workstation IP.
Example:
User in Texas -> Corporate VPN exit node (Germany) -> Azure Front Door. Front Door sees Germany and blocks the request.
Please “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
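As an added example (not part of the answer above), the triage the answer describes can be run offline over rows exported from Log Analytics: count blocks per client IP and rule, then check each IP the geo rule blocked against a geolocation source. The sample rows below are constructed to mirror the `FrontDoorWebApplicationFirewallLog` column names (`clientIP_s`, `ruleName_s`, `action_s`), the rule name `BlockNonUS` is assumed, and `GEO_LOOKUP` is a constructed stand-in for a real service such as ipinfo.io or MaxMind.

```python
"""Triage Azure Front Door WAF block logs for a custom geo-filter rule.

Added example; not code from the original answer. SAMPLE_RECORDS is a
constructed set of rows shaped like the AzureDiagnostics
FrontDoorWebApplicationFirewallLog columns. GEO_LOOKUP is a constructed
stand-in for an external geolocation source (ipinfo.io, MaxMind); swap in
a real lookup when running over exported logs. The rule name "BlockNonUS"
is assumed.
"""
import ipaddress
from collections import Counter

GEO_RULE = "BlockNonUS"          # assumed name of the custom geo rule
EXPECTED_COUNTRY = "US"          # traffic the rule is meant to allow

# Constructed sample rows (documentation IP ranges, not real traffic).
SAMPLE_RECORDS = [
    {"TimeGenerated": "2024-05-01T14:02:11Z", "clientIP_s": "203.0.113.10",
     "ruleName_s": GEO_RULE, "action_s": "Block", "requestUri_s": "/login"},
    {"TimeGenerated": "2024-05-01T14:02:15Z", "clientIP_s": "203.0.113.10",
     "ruleName_s": GEO_RULE, "action_s": "Block", "requestUri_s": "/api/me"},
    {"TimeGenerated": "2024-05-01T14:03:40Z", "clientIP_s": "198.51.100.7",
     "ruleName_s": "DefaultRuleSet-1.0-SQLI-942100", "action_s": "Block",
     "requestUri_s": "/search?q=1%27%20OR%201%3D1"},
    {"TimeGenerated": "2024-05-01T14:04:02Z", "clientIP_s": "192.0.2.55",
     "ruleName_s": GEO_RULE, "action_s": "Allow", "requestUri_s": "/"},
    {"TimeGenerated": "2024-05-01T14:04:30Z", "clientIP_s": "192.0.2.99",
     "ruleName_s": GEO_RULE, "action_s": "Block", "requestUri_s": "/"},
    {"TimeGenerated": "2024-05-01T14:05:00Z", "clientIP_s": "not-an-ip",
     "ruleName_s": GEO_RULE, "action_s": "Block", "requestUri_s": "/"},
]

# Constructed geolocation table (IP -> ISO country), stand-in for ipinfo/MaxMind.
GEO_LOOKUP = {
    "203.0.113.10": "DE",   # e.g. a corporate VPN exit node in Germany
    "198.51.100.7": "US",
    "192.0.2.55": "US",
    "192.0.2.99": "US",     # geo source says US, yet the geo rule blocked it
}


def summarize_blocks(records, rule_name=None):
    """Count Block actions per (clientIP_s, ruleName_s), like a KQL
    `summarize count() by clientIP_s, ruleName_s`, optionally for one rule."""
    counts = Counter()
    for rec in records:
        if rec.get("action_s") != "Block":
            continue
        if rule_name is not None and rec.get("ruleName_s") != rule_name:
            continue
        counts[(rec.get("clientIP_s"), rec.get("ruleName_s"))] += 1
    return counts


def classify_geo_blocks(records, geo_lookup, rule_name=GEO_RULE,
                        expected_country=EXPECTED_COUNTRY):
    """For every IP the geo rule blocked, report what the geo source says.

    Verdicts:
      invalid_ip                    - logged value does not parse as an IP
      unknown_location              - geo source has no entry for the IP
      blocked_from_<CC>             - rule behaved as designed; the client
                                      reached Front Door from <CC> (VPN or
                                      proxy exit, mis-registered range)
      blocked_from_expected_country - geo source and rule disagree; check the
                                      rule's match condition
    """
    verdicts = {}
    for (ip, _rule) in summarize_blocks(records, rule_name):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            verdicts[ip] = "invalid_ip"
            continue
        country = geo_lookup.get(ip)
        if country is None:
            verdicts[ip] = "unknown_location"
        elif country == expected_country:
            verdicts[ip] = "blocked_from_expected_country"
        else:
            verdicts[ip] = f"blocked_from_{country}"
    return verdicts


def blocks_by_other_rules(records, rule_name=GEO_RULE):
    """IPs blocked by rules other than the geo rule, so a 'US user was
    blocked' report is not misattributed to the geo filter."""
    other = {}
    for (ip, rule) in summarize_blocks(records):
        if rule != rule_name:
            other.setdefault(ip, set()).add(rule)
    return other


if __name__ == "__main__":
    for (ip, rule), n in sorted(summarize_blocks(SAMPLE_RECORDS).items()):
        print(f"{ip:<16} {rule:<32} blocks={n}")
    for ip, verdict in classify_geo_blocks(SAMPLE_RECORDS, GEO_LOOKUP).items():
        print(f"{ip:<16} {verdict}")
    print("blocked by other rules:", blocks_by_other_rules(SAMPLE_RECORDS))
```

On the constructed data this separates the three situations the answer lists: `203.0.113.10` is blocked from Germany (the VPN exit-node case, so the rule is working as designed), `198.51.100.7` is blocked by a managed SQLi rule rather than the geo rule, and `192.0.2.99` is the one worth escalating, since the geo source places it in the US but the geo rule still fired.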