![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 43%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,217 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to monitor the current connections and filter using Client IP.
Currently, I am afraid this will not be possible.
You must define a rule to block the client IP before hand.
However, you can check the logs and filter for the client IP.
- Make sure you have enabled App Gw logs : https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-diagnostics#enable-logging-through-the-azure-portal
- Post this, you can use the below query to see the requests that came in.
AzureDiagnostics | where ResourceType == "APPLICATIONGATEWAYS" and OperationName == "ApplicationGatewayAccess"
Now, to block a certain client IP,
- You must enable WAF in App gateway
- And use Custom Rules : https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview
- Your exact case is given as an example here : https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/create-custom-waf-rules#example-3
For Live monitoring, you can use the below metrics,
- Application Gateway v2 metrics : https://learn.microsoft.com/en-us/azure/application-gateway/monitor-application-gateway-reference#application-gateway-v2-metrics
- Application Gateway v1 metrics : https://learn.microsoft.com/en-us/azure/application-gateway/monitor-application-gateway-reference#application-gateway-v1-metrics
- This gives you details on an aggregate manner.
P.S :
- The WebApp will not see the client IP at all as the source IP
- It will be present in the X-Forwarder-For Header
- It will only see the AppGw's IP as AppGW acts as a reverse proxy to your App Service.
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.