We use Azure and Azure WAF and want to block proxy and VPN traffic. I see that AWS has a managed list of anonymous IPs which looks like it makes it easy to block these IPs. Does Azure have a similar service?
If not, is there any best practice for blocking requests from proxy/VPN IPs?
I see that there are a number of services (e.g. IP2Location, MaxMind, Queue-it, IPHub) that provide lists of these IPs, but I’m not sure about the best way to use these to block traffic from Azure. Any advice would be much appreciated.
It is poorly documented, but there is a default feature/rule that blocks bots. This bot rule does a lot more than blocking bots. The bot rule contains malicious IPs and is updated through the Microsoft Threat Intelligence Feed. The Microsoft Threat Intelligence Feed is pretty good.
Still, I can understand your question. I’m also curious whether it is possible to use custom blocklists that are updated on a regular basis.
WAF currently has the following functions: SQL injection protection, cross-site scripting protection, protection against common Web attacks, such as command injection, HTTP request smuggling, HTTP response splitting, and remote file inclusion attacks, protection against HTTP protocol violations, and protection against HTTP protocol anomalies, such as missing Host, User-Agent, and Accept headers. It also prevents automatics, crawlers, and scanners from detecting common application error configurations (i.e., Apache, IIS, and so on). I do not know the specific operation your question refers to; this function may be difficult to achieve.
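One way to approach the custom-blocklist question raised in this thread, as an added example that is not from any of the posters or from Microsoft: validate a third-party proxy/VPN feed, merge its ranges, and emit WAF custom rules that can be pushed to the policy on a schedule. The JSON shape follows the Application Gateway WAF custom rule format (`MatchRule`, `IPMatch` on `RemoteAddr`); the per-rule limit of 600 ranges, the feed format, the `NEVER_BLOCK` list and the rule names are assumptions.

```python
import ipaddress
import json

MAX_RANGES_PER_RULE = 600  # assumption: confirm against current Azure WAF limits
# Hypothetical ranges that must never be blocked (internal networks, probes).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample feed using documentation ranges, not real proxy/VPN data.
SAMPLE_FEED = """\
203.0.113.0/25
203.0.113.128/25
198.51.100.7
2001:db8::/33
2001:db8:8000::/33
not-an-ip
10.0.0.0/8
"""

def parse_feed(text):
    """Validate feed lines; return (collapsed networks, rejected lines)."""
    by_version, rejected = {4: [], 6: []}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            net = None
        # Refuse unparseable, overly broad or protected ranges so a bad feed cannot cause an outage.
        if net is None or net.prefixlen < 8 or any(
                net.version == p.version and net.overlaps(p) for p in NEVER_BLOCK):
            rejected.append(line)
        else:
            by_version[net.version].append(net)
    # collapse_addresses merges duplicates and adjacent ranges; it needs one IP version per call.
    nets = [n for v in (4, 6) for n in ipaddress.collapse_addresses(by_version[v])]
    return nets, rejected

def build_custom_rules(nets, start_priority=10, chunk=MAX_RANGES_PER_RULE):
    """Emit Block rules holding at most `chunk` ranges each (rule names are hypothetical)."""
    values, rules = [str(n) for n in nets], []
    for k, i in enumerate(range(0, len(values), chunk)):
        match = {"matchVariables": [{"variableName": "RemoteAddr"}],
                 "operator": "IPMatch", "matchValues": values[i:i + chunk]}
        rules.append({"name": f"BlockAnonymousIps{k + 1}", "priority": start_priority + k,
                      "ruleType": "MatchRule", "action": "Block", "matchConditions": [match]})
    return rules

if __name__ == "__main__":
    print(json.dumps({"customRules": build_custom_rules(parse_feed(SAMPLE_FEED)[0])}, indent=2))
```

Collapsing before chunking matters because large feeds are mostly adjacent ranges, and the rejected list is worth logging on every refresh so a malformed feed is noticed before it reaches the policy.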