Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know the best methods to configure health probes for a Storage Account.
If you directly access the FQDN of a storage account, you should get a 4xx Status Code. This is expected.
The proper way to configure this is by specifying the absolute path of the resource, for e.g.
https://<storageaccount>.blob.core.windows.net/<container>/<healthcheckfile.html>
I see you are using AAD Authentication. This complicates the health probe check.
Please note currently Azure Application gateway cannot use managed identities to access other services, at least not directly.
We can overcome this by using SAS Tokens/URL
You can create a new container with a healthCheck file, specifically for HealthCheck and either
- Use SAS
- or allow private subnet access (and not use AAD)
Use SAS URL:
- Here, you will be required to create a SAS URL
- And create a custom Probe and the backend path should be , "/container/healthcheckfile.html/?<SAS>"
- The HealthChecks should now succeed.
Normal private subnet access
- Here, we do not impose any authentication, just allow Private subnet access.
I hope was able to help.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.