Azure Front Door, forwarding rules to blob storage

tuck1s 111 Reputation points
2021-02-08T16:35:16.917+00:00

I've created a Blob Container and set it for public blob access. The purpose of this is to serve files from the path /.well-known/

for Android and iOS deep links.

The files are accessible on: https://engagementtracking.blob.core.windows.net/well-known/assetlinks.json
and https://engagementtracking.blob.core.windows.net/well-known/apple-app-site-association

as can be seen from an external curl request such as 

curl -v https://engagementtracking.blob.core.windows.net/well-known/assetlinks.json

(note that the Azure Blob Container name does not permit a leading period, so the full solution will need rewrite rules).

I've created a Backend that refers to the Storage Account.
I've created a Routing rule that matches /.well-known/* and rewrites the URL to /well-known/, to match the container name, but I can't get it to work on my custom domain. It gives a 400 error.

I've tried other combinations e.g. omitting the leading dot from the routing rule, matching /* as a catchall etc.

Is there a simple tutorial on how to serve files from a blob container via Front Door? I found this: https://techcommunity.microsoft.com/t5/azure-developer-community-blog/azure-on-the-cheap-azure-storage-static-website-and-azure-front/ba-p/1297084 but it seems to be using a different storage type, and crucially doesn't show the forwarding path used.

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
576 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,426 questions
Accepted answer
  1. tuck1s 111 Reputation points
    2021-02-11T21:11:45.53+00:00

    Update 4: I got this working. The trick was to create the storage (Gen 2) , then under "settings" enable "Static Website".

    This seems to do a few things:

    • Enables an endpoint of the form xxxx.z5.web.core.windows.net (as opposed to the normal blob access that has "blob.core.windows.net" in the path)
    • This creates containers called $log and $web
    • The $web container can (unlike a regular container) have a filename starting with a period, such as .well-known (note this is shown in the gray bar above)
    • Then you need to enable public access to the $web container 67116-screenshot-2021-02-11-at-210355.png
    • Then wait for the public access to be enabled ..
    • In the Front Door Designer, create a backend rule of type "Custom Host" that points to your "web.core.windows.net" resource
    • Save and wait for the Front Door to update (can take 5 - 10 mins). In my above testing I was waiting until the status indicator top right showed it was done. Actually you have to watch the "Activity Log" to see that it's really done.
    1 person found this answer helpful.
    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. tuck1s 111 Reputation points
    2021-02-08T17:30:41.437+00:00

    Update 2: no longer applies. I was just not waiting long enough for the change to propagate.

    1 person found this answer helpful.
    0 comments
  2. Ganeshraj Kandasamy 1 Reputation point
    2022-09-26T06:15:32.39+00:00

    I don't want to use static website I want to use the file inside container
    what can I do to redirect to the specific blob using AFD?
    How to set routing rules for that?

    0 comments