Setting up Azure Function App with Azure Application Gateway (WAF)

Question

Hello!

I am currently trying to setup an Azure function application that will be accessed through an Application Gateway that restricts the network level access using the Azure WAF. I want to restrict the network level access by geographical location and see that it's supported with Azure WAF.

I have tried doing some tests and get stuck at setting up the listener on the Application Gateway when we want to setup for HTTPs since we need to provide the certification. Currently the function app is setup only using the default azurewebsites.net. I don't know the exact IP's that will access the api's but ideally we want to restrict this api to specific countries only.

How can I go about setting this up correctly? Or is there a better option to setup this network level security instead?

Answer 1

Hi , Welcome to MS Q&A

I think you can create Custom rules to suit the exact needs of your applications and security policies and restrict access to your web applications by country/region. To create a geo-filtering custom rule, select Geo-location as the Match Type, and then select the country you want to allow/block from your application.

For more information, see Geomatch custom rules (preview).

And regarding certificates for configuration listener , please check this Configure App Service with Application Gateway

Please let me know if any questions

Kindly accept answer if it helps

Thanks

Deepanshu