HTTP requests often pass through one or more proxy servers before they reach the endpoint web server, which changes the source IP address for the request. As a result, endpoint web servers cannot rely on the source IP from the network connection (socket) to be the IP address of the original request. For this reason, you may want to use one of two options to preserve the original client IP address: X-Forwarded-For (XFF), or transparent proxy.
The backend server sees requests via its logs as coming from the Application Gateway (via its private IP address) and not from the requesting “public” IP address.
How do I configure WAF so that it will preserve/pass the requests as coming from the public IP address (not the private IP address)?
We are unable to preserve the client IP because the Application Gateway is a proxy. It will replace the original client IP with the Application Gateway instance IP and forward requests to the backend server. However, Application Gateway inserts extra headers into all requests before it forwards the requests to the backend. These include the x-forwarded-for header, which has the original client IP information.
You can configure Application Gateway to modify request and response headers and URL by using Rewrite HTTP headers and URL or to modify the URI path by using a path-override setting. However, unless configured to do so, all incoming requests are proxied to the backend.
You can use header rewrite to remove the port information from the X-Forwarded-For header to only keep the IP addresses.
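On the backend, the logged client IP can be recovered from the header described above; the following is an added example, not code from the original page or from Azure. It assumes the gateway appends the connecting client as the last `IP:port` entry, and `TRUSTED_PROXIES` (a constructed subnet), `strip_port` and `client_ip` are hypothetical names. Because any client can send its own X-Forwarded-For, the header is honoured only when the socket peer is the gateway, and the list is read from the right.

```python
import ipaddress

# Assumption: subnet of the gateway instances that connect to this backend (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.1.0/24")]


def strip_port(entry):
    """Return the IP part of one XFF entry: 'ip', 'ipv4:port', '[ipv6]:port' or bare IPv6."""
    entry = entry.strip()
    if entry.startswith("["):        # [2001:db8::1]:443
        return entry[1:entry.index("]")]
    if entry.count(":") == 1:        # 203.0.113.7:51234
        return entry.split(":")[0]
    return entry                     # bare IPv4 or bare IPv6


def is_trusted(ip):
    """True when the address belongs to a proxy we operate."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Choose the address to log for a request.

    peer_addr is the socket source IP; xff_header is the raw X-Forwarded-For
    value (or None). Entries to the left of the first untrusted hop were
    supplied by the client and are ignored.
    """
    peer = ipaddress.ip_address(peer_addr)
    # A request that did not arrive through the gateway cannot vouch for its header.
    if not is_trusted(peer) or not xff_header:
        return str(peer)
    # Walk right to left: the rightmost entries were added by our own proxies.
    for entry in reversed(xff_header.split(",")):
        try:
            ip = ipaddress.ip_address(strip_port(entry))
        except ValueError:
            return str(peer)         # malformed entry: fall back to the socket peer
        if not is_trusted(ip):
            return str(ip)
    return str(peer)


if __name__ == "__main__":
    # Constructed sample: the client sent "192.0.2.1", the gateway appended the real source.
    print(client_ip("10.0.1.4", "192.0.2.1, 203.0.113.7:51234"))
```

If the port is already removed by a header rewrite rule on the gateway, `strip_port` simply passes the bare address through.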