0

I have a scenario in which I want to block some requests. There is a property set in Identity claims and I want to deny the request based on that property. Let's say that the claims have a property named "prop1". I want to make sure that if prop1 has a value "value1" then I want to block that specific request. Kindly share how I can do this.

Thanks

I have gone through the "Custom Rules" in "Front Door WAF policy" but I have found no option to check a value in claims.

1 Answer

0

To block some requests in Azure Front Door, check the below:

In your WAF policy, go to Custom Rules, add a rule type, and add a condition with match type as string and match variable as RequestUri, where it contains prop1 and value 1, with the action set to deny.


The request which contains cdnnfn was blocked successfully, like below:


Reference:

Tutorial: Create WAF policy for Azure Front Door - Azure portal | Microsoft Learn

Imran
  • This is not the solution actually. You are using RequestUri, but I am talking about blocking the request on the basis of the claims value. – Razi Gohar Jul 06 '23 at 12:22
  • 1
    Azure Front Door does not support checking values in claims as part of its WAF policy. However, you can use Azure API Management in conjunction with Azure Front Door – Imran Jul 06 '23 at 12:26
  • Is there any other way? I mean, can we use any other service besides Azure API Management? – Razi Gohar Jul 06 '23 at 13:02
  • Using Azure Function proxies you can requests to your backend service. Configure Azure AD authentication to ensure that the claims are available in the request context. Add a policy to your Azure Function that checks the "prop1" claim in the request context. If the value of the claim is "value1 Configure Azure Front Door to route requests to your Azure Function using a routing rule based on the path, hostname, and configure Azure Front Door to use the Azure Function as the backend for your Front Door instance. – Imran Jul 07 '23 at 05:29
  • Another option is to use Azure Application Gateway with Azure Front Door. You can configure Azure Application Gateway to perform authentication and authorization checks, and then use Azure Front Door to route requests to the Application Gateway – Imran Jul 07 '23 at 05:29
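
The claim check described in the comments above, sketched as an added example (not code from the question or the answerer). It assumes the function runs behind App Service Authentication, which validates the token and forwards the claims as base64-encoded JSON in the `X-MS-CLIENT-PRINCIPAL` header; `parse_claims`, `authorize` and `make_header` are hypothetical names, and the sample headers are constructed.

```python
import base64
import binascii
import json

# Claim to reject on; the name and value come from the question above.
BLOCKED_CLAIM = ("prop1", "value1")
PRINCIPAL_HEADER = "x-ms-client-principal"


def parse_claims(headers):
    """Return [(type, value), ...], or None if the header is absent or malformed."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get(PRINCIPAL_HEADER)
    if not raw:
        return None
    try:
        principal = json.loads(base64.b64decode(raw, validate=True))
        return [(c["typ"], c["val"]) for c in principal["claims"]]
    except (binascii.Error, ValueError, KeyError, TypeError):
        return None


def authorize(headers):
    """Return the HTTP status to answer with before doing any other work."""
    claims = parse_claims(headers)
    if claims is None:
        return 401  # no validated identity reached the function: fail closed
    if BLOCKED_CLAIM in claims:
        return 403  # prop1 == value1: deny the request
    return 200


def make_header(claims):
    """Build a constructed sample header value for the demo below."""
    body = {"auth_typ": "aad", "claims": [{"typ": t, "val": v} for t, v in claims]}
    return base64.b64encode(json.dumps(body).encode()).decode()


if __name__ == "__main__":
    for sample in ([("prop1", "value1")], [("prop1", "other")]):
        print(sample, authorize({"X-MS-CLIENT-PRINCIPAL": make_header(sample)}))
    print("no header", authorize({}))
```

The header is trustworthy only when the platform sets it, so the function should not be reachable on a path that bypasses the authentication layer.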