Geo-location policy in WAF blocks wrong address

Question

We use application gateway with app gateway WAF policy enabled. A custom policy is the geo-location filter, which is blocking everything not originating from white-listed countries. It's been working for years, today it suddenly started blocking our office-network. When checking the related ip-addresses at any of the check-my-ip services online, they all tell us the correct country of theses ip-addresses. This leads us to the assumption it is the Azure GeoMatch filter that got confused somehow.

Currently we got a workaround by whitelisting ip-addresses, but we would rather have the geo-location filter start working again.

Answer 1

@Frank Tore Sæther (Experis AS)

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that your GeoLocation filter in Regional WAF is blocking your Office IPs even though the IPs(region) are whitelisted

However, the issue is no longer recurring.

As you have mentioned, we could only assume that it was a temporary issue.

I believe to pinpoint the exact root cause, we would require a deeper investigation using a support ticket

I would suggest you to raise a support incident, should the issue reoccur.

Kindly let us know if you need further assistance on this issue.

Thanks,

Kapil

---

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.