I'm trying to secure a specific URL that is linked to an Azure Application Gateway featuring WAF v2. My goal is to limit access to this URL so that only certain App Services, like myapp1.azurewebsites.net and myapp2.azurewebsites.net, can connect to it. Despite searching for guidance online and consulting with ChatGPT, I found that directly configuring URLs in a WAF custom rule for access isn't possible. Does anyone have suggestions on how to allow certain URLs through WAF?
2 Answers
So, you want to restrict access so that only a few App Services can connect to the Application Gateway? Have you considered using VNet integration? It can be easier and more secure to have everything within the same network. If you must use WAF, there are ways to implement that too!
Are you looking to have a couple of specific websites behind the Application Gateway, or do you have multiple sites behind it and just want these two to access the URLs? It helps to clarify your setup a bit more!

Going with VNet integration sounds like a solid plan! It keeps things simpler and allows you to maintain tight control over traffic. If WAF is essential, you might think about using an internal AGW as an alternate route, but that could complicate things more than necessary.
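The WAF route mentioned in the first answer, as an added example that is not from any poster in this thread: a custom rule sees the caller's source IP rather than its hostname, so this Application Gateway WAF policy fragment (the `customRules` array, in ARM JSON) blocks requests to one path unless they come from the App Services' outbound IPs. The rule name, path and IP values are placeholders. `negationConditon` is the property's actual spelling in the ARM schema.

```json
{
  "customRules": [
    {
      "name": "BlockPathUnlessKnownAppService",
      "priority": 10,
      "ruleType": "MatchRule",
      "action": "Block",
      "matchConditions": [
        {
          "matchVariables": [ { "variableName": "RequestUri" } ],
          "operator": "BeginsWith",
          "transforms": [ "Lowercase" ],
          "matchValues": [ "<path-to-protect, e.g. /internal/>" ]
        },
        {
          "matchVariables": [ { "variableName": "RemoteAddr" } ],
          "operator": "IPMatch",
          "negationConditon": true,
          "matchValues": [
            "<outbound-ip-of-myapp1>",
            "<outbound-ip-of-myapp2>"
          ]
        }
      ]
    }
  ]
}
```

The addresses to list are in each app's `possibleOutboundIpAddresses` property. On multi-tenant App Service plans those addresses are shared with other customers' apps, so the rule narrows exposure but does not authenticate the caller.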