I have two app services, one running the front end and one running the back end (REST API). Both app services have an instance of Front Door and WAF in front of them.
Now I would like to create a custom rule on the backend FD to make sure it only allows traffic from the front end. This is to avoid a malicious user being able to use Postman to access the APIs or create robots.
I have tried to create a custom rule whitelisting the front-end IP address, but it is not working (requests are blocked).
Any suggestions?
At Front Door there are no direct firewall blocks, such as with Application Gateway or App Services. Restriction has to be done via the IP restriction rule under firewall blocking using WAF.
In this case, we need to restrict the traffic on the backend [App Services side] by setting up inbound and outbound traffic permissions via VNet.
Front Door always routes traffic to the appropriate backends; if an endpoint is unavailable, it checks the failover endpoints. If those are not available or reachable, the error "Services are not available, such as" will be displayed.
NOTE: Find reference links for more information.
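As an added example (not part of the question or the answer above), the check a backend REST API can apply on its own side: Azure Front Door stamps every request it forwards with the `X-Azure-FDID` header carrying the profile's Front Door ID, so the origin can reject anything that does not carry the expected value, which is what stops direct calls from Postman or scripts. The profile ID below is a placeholder, and the header check should be combined with an App Service access restriction that only admits the `AzureFrontDoor.Backend` service tag, because the header alone proves nothing to a client that can reach the origin directly.

```python
import hmac

# Placeholder (assumed) Front Door ID; the real value is shown as
# "Front Door ID" on the Front Door profile's overview page.
EXPECTED_FDID = "00000000-0000-0000-0000-000000000000"

# Header Azure Front Door adds to every request it forwards to an origin.
FDID_HEADER = "x-azure-fdid"


def is_from_front_door(headers, expected_fdid=EXPECTED_FDID):
    """Return True only if exactly one X-Azure-FDID header matches expected_fdid.

    headers: iterable of (name, value) pairs. Lookup is case-insensitive,
    the comparison is constant-time, and a missing, empty or duplicated
    header is treated as "not forwarded by our Front Door".
    """
    values = [v.strip() for k, v in headers if k.lower() == FDID_HEADER]
    if len(values) != 1 or not values[0]:
        return False
    return hmac.compare_digest(values[0], expected_fdid)


def guard(app, expected_fdid=EXPECTED_FDID):
    """WSGI middleware: 403 for any request that did not come via Front Door."""
    def wrapped(environ, start_response):
        # WSGI exposes request headers as HTTP_<NAME_WITH_UNDERSCORES>.
        headers = [
            (k[5:].replace("_", "-"), v)
            for k, v in environ.items()
            if k.startswith("HTTP_")
        ]
        if not is_from_front_door(headers, expected_fdid):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"forbidden"]
        return app(environ, start_response)
    return wrapped


def _demo_api(environ, start_response):
    """Stand-in for the real REST API handler."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


# Constructed sample requests: one via Front Door, one direct (no header).
application = guard(_demo_api)
```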