Azure Web Application Firewall can block known malicious IP addresses, a capability that has become standard practice for almost every web application firewall or next-generation firewall deployed in enterprise environments. A WAF policy should be configured with a custom rule that matches on known malicious IPs and blocks them.
Web Application Firewall policies are often created to block lists of known malicious IP addresses. These lists can be curated by individual organizations as needed, but are typically purchased from vendors that maintain them continuously. Once a list of malicious IP addresses is prepared, follow the steps below to create a WAF policy that blocks them.
In Azure Console -
In Terraform -
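The following Terraform configuration is an added example, not code from the original page or from the Terraform provider documentation it links to. It shows a complete azurerm_web_application_firewall_policy resource with one custom rule of type MatchRule that uses the RemoteAddr variable and the IPMatch operator to block a list of IPs, with the policy running in Prevention mode so the block is enforced rather than only logged. The resource names, the resource group reference, and the blocked addresses (RFC 5737 documentation ranges used as placeholders for a vendor-supplied list) are assumptions; replace them with your own values and feed the real list in through the variable.

```hcl
# Assumed: a resource group already declared elsewhere as azurerm_resource_group.waf
# Placeholder IP list (constructed, RFC 5737 documentation ranges); replace with the
# curated or vendor-supplied malicious IP list. Each entry may be a single IP or a CIDR.
variable "known_malicious_ips" {
  description = "IPs and CIDR ranges to block at the WAF (placeholder values)"
  type        = list(string)
  default = [
    "192.0.2.0/24",
    "198.51.100.0/24",
    "203.0.113.5",
  ]
}

resource "azurerm_web_application_firewall_policy" "block_known_bad_ips" {
  name                = "wafpolicy-block-known-bad-ips" # assumed name
  resource_group_name = azurerm_resource_group.waf.name
  location            = azurerm_resource_group.waf.location

  # Custom rule: evaluated before managed rules; lowest priority number runs first.
  custom_rules {
    name      = "BlockKnownMaliciousIPs"
    priority  = 1
    rule_type = "MatchRule"
    action    = "Block"

    match_conditions {
      match_variables {
        variable_name = "RemoteAddr" # the client source address
      }
      operator           = "IPMatch"
      negation_condition = false # block when the address IS in the list
      match_values       = var.known_malicious_ips
    }
  }

  # Prevention mode enforces the Block action; Detection mode would only log matches.
  policy_settings {
    enabled = true
    mode    = "Prevention"
  }

  # Keep the managed OWASP rule set alongside the custom IP rule.
  managed_rules {
    managed_rule_set {
      type    = "OWASP"
      version = "3.2"
    }
  }
}
```

A few points worth checking after `terraform apply`: the policy must still be associated with an Application Gateway (via its `firewall_policy_id`) for the rule to take effect; IPMatch accepts at most a limited number of values per condition, so large vendor lists need to be split across several match_conditions or custom_rules; and if the gateway sits behind another proxy or load balancer, RemoteAddr will be that intermediary's address, in which case matching on the X-Forwarded-For header is the usual alternative.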
References:
https://learn.microsoft.com/en-us/azure/web-application-firewall/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/web_application_firewall_policy#custom_rules
https://www.maxmind.com/en/high-risk-ip-sample-list