Hello @Koteswara Pentakota ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you would like a Firewall recommendation for Azure Static web apps which will provide WAF capability and URL redirect of your apex domain.
Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities. WAF can be deployed with Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) service from Microsoft. WAF on Azure CDN is currently under public preview.
Refer : https://learn.microsoft.com/en-us/azure/web-application-firewall/overview
You can configure your static web app behind Azure Application Gateway or a CDN like Azure Front Door. You can decide on which product to use by considering the cost and features provided by that product.
Refer : https://learn.microsoft.com/en-us/azure/static-web-apps/faq#how-do-i-configure-my-static-web-app-behind-azure-application-gateway-or-a-cdn-like-azure-front-door-
https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview#decision-tree-for-load-balancing-in-azure
You can configure IP restriction on Azure Front Door or Application gateway to allow access to a few sources IPs.
For Azure Front Door IP restriction : https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/waf-front-door-configure-ip-restriction
For Application gateway IP restriction : https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#allow-access-to-a-few-source-ips
You can implement URL rewrites & redirects with Azure Front Door and Application gateway:
Azure Front Door:
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-url-rewrite?pivots=front-door-classic
https://learn.microsoft.com/en-us/azure/frontdoor/front-door-url-redirect?pivots=front-door-classic
Application gateway:
https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-url-portal
https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url
You can also onboard a root or apex domain on Azure Front Door or Azure CDN, so that you can point your root domain and subdomain to the FD or CDN profile. For example, contoso.com and www.contoso.com can point to the same Front Door/CDN profile and your users can access your site using contoso.com without the need to prepend www to the DNS name. This can be achieved using Azure DNS or external DNS provider.
For Azure Front Door : https://learn.microsoft.com/en-us/azure/frontdoor/front-door-how-to-onboard-apex-domain
For Azure CDN : https://learn.microsoft.com/en-us/azure/cdn/onboard-apex-domain
But Application gateway doesn't provide this feature.
So if we compare the 3 products:
Azure Application gateway provides WAF, IP restriction and URL rewrites but no support for Apex domain.
Azure CDN supports URL rewrites and Apex domain but the WAF feature is in preview.
Azure Front Door provides WAF, IP restriction, URL rewrites and support Apex domains.
So, my recommendation would be to go with Azure Front Door.
We already have an official documentation on how to configure Azure Front Door for Azure Static Web Apps.
Refer : https://learn.microsoft.com/en-us/azure/static-web-apps/front-door-manual
Kindly let us know if the above helped or you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.