If you don’t want traffic from countries outside your target audience in your Power Pages site (as you could have increased traffic without adding value and potentially pose security risks), you can use the Web Application Firewall (WAF) in Power Pages to restrict access from specific countries.
Check out how to do it.
Turning on WAF
Open the Power Platform Admin Center.
Select your Power Pages site, then look for Web Application Firewall.
If WAF is off, switch it on. If it’s already on, you’re good.
Note: You also need to have CDN turned on in order to enable WAF.
Add a Rule to Block a Country
Click “Add new rule”. Choose “Custom Rules” as the category. Select “Match” as rule type, and select “Geo Location” as Match Type.
Select the Countries you want to prevent traffic, and select “Deny” as Traffic Settings:
Click “Add” to add the rule. And save the overall configs.
Testing the results
Use a VPN set to that country and try visiting your site.
From that country, you should see the block message:
From your normal location, the site should work fine.
Important
Blocking countries is not perfect. Some users can use VPNs to bypass (the same way we used to test it from a blocked country), but it adds a layer of complexity in order to do that.
Conclusion
The Web Application Firewall helps you prevent unwanted traffic. With a couple of quick steps, you can block visitors from countries you don’t want access from. That way, your site stays focused on the audience you care about, while reducing unwanted traffic and maintaining security.
References
Configure Web Application Firewall for Power Pages – Microsoft Learn
