As I mentioned in the introduction in Part one, the end goal is to demonstrate how to control inbound access based on IP address restrictions to one of my two websites running on the Windows® virtual machine (VM). Part two of the series laid the foundation with the the Application Gateway configuration. Now, in this final post of the series, I walk thorough the Web Application Firewall (WAF) policy creation and test the custom rule. I will restrict access to site2.hiteshvadgama.co.uk.

In Part one of this three-part series, I introduced the concept of the per-site web application firewall (WAF) Policy with IP address rule restrictions and set the stage for this demonstration. Part one also lays out the assumptions for the implementation walkthrough. In this post, I present the Application Gateway configuration.

I recently worked with a client who had multiple public-facing Internet Information Services (IIS) websites hosted on an Azure® virtual machine (VM). The client wanted to restrict inbound internet access to one specific website by specifying a set of allowed external IP addresses and leave the traffic flow for the other websites unaffected.

Microsoft® has finally provided VNET peering support for Azure Bastion. This offering has been a much-anticipated feature release, which I’m sure many folks are happy to see available.