WAF Custom Rule Failure: IP Allow-list (SocketAddr) not working

Sergey Zakharov 20 Reputation points
2026-02-13T10:20:17.2633333+00:00

Hello Community,

We are experiencing a persistent issue with an Azure Front Door WAF policy. Despite creating a brand-new instance today to rule out configuration conflicts from a failed attempt yesterday, our IP filtering remains non-functional.

We have a Custom Rule using SocketAddr to block all traffic except for IP. Although we have waited over 60 minutes for propagation, the user at this IP is still receiving a 403 Forbidden error.

We have verified the public IP and the WAF association.

Policy Mode: Prevention

Azure Front Door

An Azure service that provides a cloud content delivery network with threat protection.

Answer accepted by question author
  1. Ravi Varma Mudduluru 7,990 Reputation points Microsoft External Staff Moderator
    2026-02-13T10:36:23.0766667+00:00

    Hello @Sergey Zakharov,

    Thanks for reaching out to Microsoft Q&A.

    As discussed, a single WAF rule is sufficient to block the traffic. After removing the second WAF rule, your issue was resolved.

    Regarding the other user, you confirmed that the connection failed because their IP address was IPv6, while only an IPv4 address had been configured in the system. Once the IPv6 address was added to the configuration, everything worked correctly.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    1 person found this answer helpful.
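
The IPv4/IPv6 mismatch described in the accepted answer, as an added example that is not part of the original thread: a simplified Python model of a negated `SocketAddr` IPMatch block rule, showing why a client that connects over IPv6 is blocked by an IPv4-only allow-list. The rule dictionary, the addresses (documentation ranges) and the function names are constructed for illustration, and the evaluation loop is a simplification of how the WAF processes custom rules.

```python
import copy
import ipaddress

# Constructed rule in the shape of a Front Door WAF custom rule: block every
# request whose socket address is NOT in matchValue (negated IPMatch).
# Addresses are from documentation ranges, not from the original question.
RULE_V4_ONLY = {
    "name": "AllowListOnly", "priority": 100, "action": "Block",
    "matchConditions": [{
        "matchVariable": "SocketAddr", "operator": "IPMatch",
        "negateCondition": True, "matchValue": ["203.0.113.10/32"],
    }],
}

def add_prefix(rule, prefix):
    """Return a copy of the rule with one more prefix on its allow-list."""
    fixed = copy.deepcopy(rule)
    fixed["matchConditions"][0]["matchValue"].append(prefix)
    return fixed

def condition_hits(cond, socket_addr):
    """Evaluate one IPMatch condition, honouring negateCondition."""
    addr = ipaddress.ip_address(socket_addr)
    nets = [ipaddress.ip_network(p, strict=False) for p in cond["matchValue"]]
    in_list = any(addr.version == n.version and addr in n for n in nets)
    return in_list != cond["negateCondition"]

def evaluate(rules, socket_addr):
    """Simplified model: lowest priority number first, first match decides."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if all(condition_hits(c, socket_addr) for c in rule["matchConditions"]):
            return rule["action"]
    return "Allow"  # no custom rule matched

def missing_families(rule):
    """Address families with no prefix on the allow-list (always blocked)."""
    seen = {ipaddress.ip_network(p, strict=False).version
            for c in rule["matchConditions"] for p in c["matchValue"]}
    return [f"IPv{v}" for v in (4, 6) if v not in seen]

if __name__ == "__main__":
    fixed = add_prefix(RULE_V4_ONLY, "2001:db8::10/128")
    for label, rule in (("IPv4-only list", RULE_V4_ONLY), ("dual-stack list", fixed)):
        print(label, "missing:", missing_families(rule))
        for client in ("203.0.113.10", "2001:db8::10", "198.51.100.7"):
            print(f"  {client:>14} -> {evaluate([rule], client)}")
```

Running `missing_families` over an exported policy before deployment flags an allow-list that silently blocks every client of one address family.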

2 additional answers

  2. Q&A Assist
    2026-02-13T10:20:30.54+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    It sounds like you're experiencing issues with your Azure Front Door WAF custom rule that is intended to allow traffic from a specific IP address while blocking others. Here are a few things to consider that might help troubleshoot the problem:

    1. Match Variable: Ensure that you are correctly using the SocketAddr match variable. This variable represents the source IP address that the WAF sees. If the client is behind a proxy, the SocketAddr may not match the expected IP.
    2. IP Address Format: Double-check the format of the IP address you are allowing. Ensure that it is in the correct CIDR format if you are using a range. For a single IP, it should be formatted as xyz/32.
    3. Rule Priority: Make sure that the priority of your custom rule is set correctly. Lower numbers indicate higher priority, and the WAF processes rules in order of priority. If there are other rules that might be conflicting, they could be taking precedence.
    4. WAF Policy Mode: Since you are using the Prevention mode, ensure that the rule is configured to allow traffic from the specified IP. If the rule is not set up correctly, it may still block the traffic.
    5. Propagation Time: Although you mentioned waiting over 60 minutes, sometimes changes can take longer to propagate. Consider checking the WAF logs to see if there are any clues as to why the requests are still being blocked.
    6. WAF Logs: Review the WAF logs for any entries related to the blocked requests. This can provide insight into why the requests from the allowed IP are still receiving a 403 Forbidden response.

    If you have verified all these aspects and the issue persists, you may want to consider reaching out to Azure support for further assistance.

