You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/web-application-firewall/ag/geomatch-custom-rules.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ author: halkazwini
5
5
ms.author: halkazwini
6
6
ms.service: azure-web-application-firewall
7
7
ms.topic: concept-article
8
-
ms.date: 09/05/2023
8
+
ms.date: 04/30/2025
9
9
---
10
10
11
11
# Geomatch custom rules
@@ -15,16 +15,16 @@ Custom rules allow you to create tailored rules to suit the exact needs of your
15
15
To create a geo-filtering custom rule in the Azure portal, select *Geo location* as the Match Type, and then select the country/region or countries/regions you want to allow/block from your application. When creating geomatch rules with Azure PowerShell or Azure Resource Manager, use the match variable `RemoteAddr` and the operator `Geomatch`. For more information, see [how to create custom rules in PowerShell](configure-waf-custom-rules.md) and more [custom rule examples](create-custom-waf-rules.md).
16
16
17
17
> [!NOTE]
18
-
> Geo-filtering works based on mapping each request's IP address to a country or region. There might be some IP addresses in the data set that are not yet mapped to a country or region. To avoid accidentally blocking legitimate users, Application Gateway's WAF allows requests from unknown IP addresses.
18
+
> Geo-filtering works based on mapping each request's IP address to a country or region. There might be some IP addresses in the data set that aren't yet mapped to a country or region. To avoid accidentally blocking legitimate users, Application Gateway's WAF allows requests from unknown IP addresses.
19
19
20
20
> [!IMPORTANT]
21
-
> Include the country code **ZZ** whenever you use geo-filtering. The **ZZ** country code (or *Unknown* country/region) captures IP addresses that are not yet mapped to a country or region in our dataset. This avoids false positives.
21
+
> Include the country code **ZZ** whenever you use geo-filtering. The **ZZ** country code (or *Unknown* country/region) captures IP addresses that aren't yet mapped to a country or region in our dataset. This avoids false positives.
22
22
23
-
## Country/Region codes
23
+
## Country/region codes
24
24
25
-
If you're using the Geomatch operator, the selectors can be any of the following two-digit country/region codes.
25
+
If you're using the *geomatch* operator, the selectors can be any of the following two-digit country/region codes.
26
26
27
-
|Country/Region code | Country/Region name |
27
+
|Country/region code | Country/region name |
28
28
| ----- | ----- |
29
29
| AD | Andorra |
30
30
| AE | United Arab Emirates|
@@ -55,7 +55,7 @@ If you're using the Geomatch operator, the selectors can be any of the following
55
55
| BM | Bermuda|
56
56
| BN | Brunei|
57
57
| BO | Bolivia|
58
-
| BQ | Bonaire, Sint Eustatius and Saba|
58
+
| BQ | Bonaire, Sint Eustatius, and Saba|
59
59
| BR | Brazil|
60
60
| BS | Bahamas|
61
61
| BT | Bhutan|
@@ -275,7 +275,7 @@ If you're using the Geomatch operator, the selectors can be any of the following
275
275
| ZM | Zambia|
276
276
| ZW | Zimbabwe|
277
277
278
-
## Next steps
278
+
## Related content
279
279
280
280
-[Create your own custom rules](create-custom-waf-rules.md)
281
281
-[Use Azure WAF geomatch custom rules to enhance network security](../geomatch-custom-rules-examples.md)
0 commit comments