How do I disabled access from my CDN endpoint hostname (i.e. .azureedge.net), and only allow access from my custom domains that I added?

Sajid Ahmed 0 Reputation points
2024-02-02T23:56:29.0233333+00:00

I added custom domains with my Azure Front Door and CDN for a static website that I'm hosting on Blob Storage.

They work okay and there are no issues with the custom domains itself. However, the sites are also accessible from the original CDN and the Azure Blob Storage hostnames too, such as mysite.azureedge.net and mysite.z7.web.core.windows.net respectively.

I do not want it to be this way, because:
Firstly, it's redundant. Does not add any value.
Secondly, search engines might find my site using the original hostnames and index my site accordingly.
Thirdly, my site can be considered a duplicate and be flagged by external bots/search engines.
Lastly, it's just not great to have this behavior. Particularly, not a great impression if a user discovers it.

Would love to know if there's a way disable the original URLs, or any other way resolve this issue.

Thanks

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
587 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,452 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. ChaitanyaNaykodi-MSFT 23,181 Reputation points Microsoft Employee
    2024-02-03T02:33:15.0433333+00:00

    @Sajid Ahmed

    Thank you for reaching out.I understand that you have added custom domains for your Azure Front Door and backend is a static website that you have hosted on Blob Storage. The requirement here is to make backend host URL not accessible from Internet.

    The recommended solution here will be to use Azure FrontDoor Premium tier and access Azure Storage account by using Private Link.

    You can go through this article to understand how this set-up works.

    User's image

    In this set-up the storage account is configured to deny direct access from the internet, and to only allow requests through the private endpoint connection used by Front Door. This configuration ensures that every request gets processed by Front Door, and avoids exposing the contents of your storage account directly to the internet.

    You can follow the tutorial here to configure Azure Front Door Premium to a storage static website with Private Link.

    I hope this has been helpful! Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A! User's image

  2. peter 0 Reputation points
    2024-02-03T18:51:23.07+00:00

    I am facing the same problem on my site.

    0 comments