Trying to block all the traffic from the internet, except from our two main gateways' external IPs. Created a rule, but nevertheless no traffic is being blocked.
Any given help will be very much appreciated
Added the JSON result from the cmdlet below:
az network application-gateway waf-policy list --resource-group mygroup --subscription ******
[
{
"applicationGateways": [
{
"id": "/subscriptions/*****/resourceGroups/******/providers/Microsoft.Network/applicationGateways/myAppGateway",
"resourceGroup": "******"
}
],
"customRules": [
{
"action": "Block",
"matchConditions": [
{
"matchValues": [
"*.*.*.*/32",
"*.*.*.*/32"
],
"matchVariables": [
{
"variableName": "RemoteAddr"
}
],
"negationConditon": true,
"operator": "IPMatch",
"transforms": []
}
],
"name": "ActivusExternalIPsAllowed",
"priority": 10,
"ruleType": "MatchRule",
"state": "Enabled"
}
],
"etag": "W/\"f3cf2cee-5209-4454-afab-f22ea98350e5\"",
"id": "/subscriptions/*******/resourceGroups/Structurizr/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/MyWAF",
"location": "uksouth",
"managedRules": {
"exclusions": [],
"managedRuleSets": [
{
"ruleGroupOverrides": [],
"ruleSetType": "OWASP",
"ruleSetVersion": "3.2"
}
]
},
"name": "MyWAF",
"policySettings": {
"fileUploadEnforcement": true,
"fileUploadLimitInMb": 100,
"maxRequestBodySizeInKb": 128,
"mode": "Detection",
"requestBodyCheck": true,
"requestBodyEnforcement": true,
"requestBodyInspectLimitInKB": 128,
"state": "Enabled"
},
"provisioningState": "Succeeded",
"resourceGroup": "Structurizr",
"type": "Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies"
}
]
I tried the above: created an application gateway, associated a WAF with it and created a rule; nevertheless the whole internet got access to the app.
Make sure to check the WAF Policy rule and Policy Mode in your case.
To block internet access and allow specific IPs
in the application gateway, you need to create a WAF rule as follows.
As per the rule below, if traffic comes from any source other than the specified 2 IPs, it will be blocked automatically.
Make sure to check the WAF policy mode; it should be set to Prevention, not Detection.
Application Gateway configuration
After creating the WAF policy and assigning it to the application gateway, I am able to access the application from the allowed IPs, as demonstrated below
When I try to access the same application from unauthorized IPs, the gateway blocks the traffic.
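As an added example (not part of the answer above or of Azure's own tooling), the following script audits the policy JSON returned by `az network application-gateway waf-policy list` for the two things the answer says to check: that the policy mode is Prevention, and that an enabled Block rule exists with a negated IPMatch on RemoteAddr. The embedded sample mirrors the question's policy with constructed placeholder IPs.

```python
import json

# Constructed sample in the shape of `az network application-gateway waf-policy list`
# output, trimmed to the fields the audit needs; IPs are documentation placeholders.
POLICY_JSON = """
{
  "name": "MyWAF",
  "policySettings": {"mode": "Detection", "state": "Enabled"},
  "customRules": [
    {
      "name": "ActivusExternalIPsAllowed",
      "priority": 10,
      "ruleType": "MatchRule",
      "state": "Enabled",
      "action": "Block",
      "matchConditions": [
        {
          "matchVariables": [{"variableName": "RemoteAddr"}],
          "operator": "IPMatch",
          "negationConditon": true,
          "matchValues": ["203.0.113.10/32", "203.0.113.11/32"]
        }
      ]
    }
  ]
}
"""

def load_policy(text: str) -> dict:
    """Parse one WAF policy object from its JSON text."""
    return json.loads(text)

def audit_allowlist_policy(policy: dict) -> list[str]:
    """Return findings explaining why a source-IP allowlist would not enforce."""
    findings = []
    settings = policy.get("policySettings", {})
    if settings.get("state") != "Enabled":
        findings.append("policy state is not Enabled")
    if settings.get("mode") != "Prevention":
        findings.append(f"policy mode is {settings.get('mode')!r}: Block actions only log")
    allowlist_rules = [
        r for r in policy.get("customRules", [])
        if r.get("action") == "Block" and r.get("state") == "Enabled"
        and any(
            c.get("operator") == "IPMatch"
            and c.get("negationConditon", False)  # the Azure API spells it this way
            and any(v.get("variableName") == "RemoteAddr" for v in c.get("matchVariables", []))
            for c in r.get("matchConditions", [])
        )
    ]
    if not allowlist_rules:
        findings.append("no enabled Block rule with negated IPMatch on RemoteAddr")
    return findings

if __name__ == "__main__":
    print(audit_allowlist_policy(load_policy(POLICY_JSON)))
```

Run against the question's policy it reports only the Detection-mode finding, which is why the rule logged but did not block.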