Remove my IP from WAF default' blocklists

Question

Remove my IP from WAF default' blocklists

Allan ELKAIM 0

Hello,

Since almost a month, it has become impossible for me to access a lot of different services that are behind WAF, including Netatmo's (smart home appliance manufacturer) servers.

After reaching to Netatmo's customer supports, they told me that my IP was matching the rule: Microsoft_BotManagerRuleSet-1.1-BadBots-Bot100100 and that it was the reason why my requests are now blocked.

I have absolutely no idea how / why my IP is now recently considered as malicious by your services, but it is blocking me for accessing a lot of services behind WAF which is a huge problem.

I have asked my ISP to assign a new IP to me but it is not possible to do so.

Is there a procedure to have my IP removed from Microsofts Azure blocklists ?

I thank you in advance.

Regards,

Allan.

Allan ELKAIM 0 Reputation points

2025-11-07T22:11:50.3666667+00:00

Hi @Jeevan Shanigarapu

I understand that I can ask them to create a custom rule for my IP, but I have identified others services (such as https://1drv.ms/ links) that seem to use the exact same blocklist which result in me not being able to access those services.

In this specific case, it is impossible for me to access the following link: https://1drv.ms/x/s!ArM35g0UkWjvjcVPT-fhFPPCZUfDLw?e=BOxScl

So here the only option would be for Microsoft to review my IP, but there is absolutely no way of reaching out to the team in charge of this.

What are my options if I need my IP to be removed for this Microsoft Threat Intelligence list ?
Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator

2025-11-07T23:08:09.78+00:00
Hello @Allan ELKAIM,

Thank you for your follow-up.

You are right that Microsoft services such as OneDrive also use Azure’s Web Application Firewall (WAF) and Microsoft Threat Intelligence. If an IP address is flagged by a rule like Microsoft_BotManagerRuleSet-1.1-BadBots-Bot100100, it can impact access to various Microsoft-hosted endpoints. Microsoft’s bot protection blocks addresses that display patterns similar to automated or malicious activity, but sometimes a legitimate IP may be incorrectly flagged.

If you manage Azure resources: Add a custom WAF rule to allow your IP. This is the fastest way to restore access for systems you control.

For Microsoft-hosted services (like OneDrive): There is no self-service option to remove your IP from Microsoft’s global reputation list.

As a temporary solution, you can try connecting through a different network, like a mobile hotspot or VPN, while waiting for the support review to finish.

Microsoft restricts direct changes to its global threat lists for security reasons, so submitting an official support request is the appropriate and secure way to address this issue.

Kindly let us know if the above helps or you need further assistance on this issue.
Allan ELKAIM 0 Reputation points

2025-11-08T07:19:34.2466667+00:00

Thank you for your answer @Jeevan Shanigarapu

So I'm not sure what the solution is here to access Microsoft-hosted services (like OneDrive), because you said:

submitting an official support request is the appropriate and secure way to address this issue.

But this doesn't seem to be possible as an individual, and only possible as a customer of Microsoft Azure, is it correct ?
Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator

2025-11-11T20:57:37.1133333+00:00

Hello @Allan ELKAIM,

You are correct, Microsoft’s global threat intelligence lists can’t be changed by individuals due to security policies. For Microsoft-hosted services such as OneDrive, the official way to request a review of your IP reputation is by opening a Microsoft Support case.

If you have an Azure subscription, even a basic one, you can submit a support ticket through the https://portal.azure.com.

If the provided information was helpful, please accept the below answer. It will help for others in the community.

1 answer

Your answer

Allan ELKAIM 0 Reputation points

2025-11-07T22:11:50.3666667+00:00

Hi @Jeevan Shanigarapu

I understand that I can ask them to create a custom rule for my IP, but I have identified others services (such as https://1drv.ms/ links) that seem to use the exact same blocklist which result in me not being able to access those services.

In this specific case, it is impossible for me to access the following link: https://1drv.ms/x/s!ArM35g0UkWjvjcVPT-fhFPPCZUfDLw?e=BOxScl

So here the only option would be for Microsoft to review my IP, but there is absolutely no way of reaching out to the team in charge of this.

What are my options if I need my IP to be removed for this Microsoft Threat Intelligence list ?
Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator

2025-11-07T23:08:09.78+00:00

Hello @Allan ELKAIM,

Thank you for your follow-up.

You are right that Microsoft services such as OneDrive also use Azure’s Web Application Firewall (WAF) and Microsoft Threat Intelligence. If an IP address is flagged by a rule like Microsoft_BotManagerRuleSet-1.1-BadBots-Bot100100, it can impact access to various Microsoft-hosted endpoints. Microsoft’s bot protection blocks addresses that display patterns similar to automated or malicious activity, but sometimes a legitimate IP may be incorrectly flagged.

If you manage Azure resources: Add a custom WAF rule to allow your IP. This is the fastest way to restore access for systems you control.

For Microsoft-hosted services (like OneDrive): There is no self-service option to remove your IP from Microsoft’s global reputation list.

As a temporary solution, you can try connecting through a different network, like a mobile hotspot or VPN, while waiting for the support review to finish.

Microsoft restricts direct changes to its global threat lists for security reasons, so submitting an official support request is the appropriate and secure way to address this issue.

Kindly let us know if the above helps or you need further assistance on this issue.
Allan ELKAIM 0 Reputation points

2025-11-08T07:19:34.2466667+00:00

Thank you for your answer @Jeevan Shanigarapu

So I'm not sure what the solution is here to access Microsoft-hosted services (like OneDrive), because you said:

submitting an official support request is the appropriate and secure way to address this issue.

But this doesn't seem to be possible as an individual, and only possible as a customer of Microsoft Azure, is it correct ?
Jeevan Shanigarapu 3,355 Reputation points Microsoft External Staff Moderator

2025-11-11T20:57:37.1133333+00:00

Hello @Allan ELKAIM,

You are correct, Microsoft’s global threat intelligence lists can’t be changed by individuals due to security policies. For Microsoft-hosted services such as OneDrive, the official way to request a review of your IP reputation is by opening a Microsoft Support case.

If you have an Azure subscription, even a basic one, you can submit a support ticket through the https://portal.azure.com.

If the provided information was helpful, please accept the below answer. It will help for others in the community.

Answer 1

Hello @Allan ELKAIM,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand your question regarding removing your IP from the WAF default blocklists.

The rule you mentioned Microsoft_BotManagerRuleSet-1.1-BadBots-Bot100100 is part of Azure’s Web Application Firewall (WAF) bot protection system. This system uses Microsoft Threat Intelligence to detect and block IP addresses that appear to act like malicious bots. Occasionally, a legitimate IP address may be incorrectly identified, resulting in a false positive.

Verify the Block: Check your WAF or service provider logs to see if your IP is being blocked by this rule.
Contact the Service Owner: Since WAF policies are controlled by the application or service owner (in this case, Netatmo), reach out to them. They can add an exception or custom rule to allow your IP in their Azure WAF policy, which is usually the fastest way to regain access.

Microsoft’s Role: Azure WAF relies on dynamic threat intelligence and reputation data that is continuously updated, so there isn’t a single blocklist you can edit directly. If your IP was mistakenly blocked, the service owner can override the block locally.

If You Manage Azure Resources: If you control the Azure environment, you can add a custom WAF rule through the Azure portal to specifically allow your IP.

For more information, please refer the links below:

WAF on Azure Application Gateway bot protection overview - Azure Web Application Firewall | Microsoft Learn

Configure bot protection for Web Application Firewall with Azure Front Door | Microsoft Learn

Kindly let us know if the above helps or you need further assistance on this issue.

Please do not forget to "Accept the answer” and “up-vote it” wherever the information provided helps you, this can be beneficial to other community members__.__ It would be greatly appreciated and helpful to others.

Share via

Remove my IP from WAF default' blocklists

1 answer

Your answer