Merge pull request #39403 from teresayao/patch-6

ShannonLeavitt · web-flow · commit 079ba85f78c0 · 2019-09-24T01:39:59.000-07:00
Update waf-overview.md
diff --git a/articles/frontdoor/waf-overview.md b/articles/frontdoor/waf-overview.md
@@ -68,7 +68,7 @@ A WAF policy can consist of two types of security rules - custom rules, authored
 
 You can configure custom rules WAF as follows:
 
-- **IP allow list and block list:** You can configure custom rules to control access to your web applications based on a list of client IP addresses or IP address ranges. Both IPv4 and IPv6 address types are supported. This list can be configured to either block or allow those requests where the source IP matches an IP in the list.
+- **IP allow list and block list:** You can configure custom rules to control access to your web applications based on a list of client IP addresses or IP address ranges. Both IPv4 and IPv6 address types are supported. This list can be configured to either block or allow those requests where the source IP matches an IP in the list. A client IP address can be different from the IP address WAF observes, for example, when a client accesses WAF via a proxy. You can create [IP restriction rules](https://docs.microsoft.com/azure/frontdoor/waf-front-door-configure-ip-restriction) based on either Client IP addresses (RemoteAddr) or IP addresses seen by WAF (SocketAddr). Configuration of a SocketAddr IP restriction rule is currently supported using Powershell and Azure CLI.
 
 - **Geographic based access control:** You can configure custom rules to control access to your web applications based on the country code associated with a client’s IP address.
 
