Share via

Can we mask or hide the storage account name in the blob URL

Madan, Mohit 35 Reputation points
2024-03-11T11:55:08.9433333+00:00

Hi Team,

Let's say we have some data stored (like docs etc) in our storage account and it can be accessed using https://my-storage-account-name.blob.core.windows.net/container/ABC.docx
We have a requirement to hide the storage account name in the URL, preventing the storage name from being exposed in the browser.

Can we hide the storage account name in the URL within the browser OR provide an alias name for the storage container?

Regards,

Mohit

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,944 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amrinder Singh 4,670 Reputation points Microsoft Employee
    2024-03-11T12:04:36.1133333+00:00

    Hi @Mohit Madan - Thanks for reaching out.

    If you have blob present in the storage and accessible over browser, I believe you are having the access level of the container set as Blob as a result the blob can be accessed anonymously. The recommendation is that you can change the access level to Private and then make use of SAS scheme which will put some kind of control and not allow blob to be accessed anonymously.

    You can't hide or mask but there are some alternatives. You can make use Azure CDN or AFD on top of Azure Storage and then make call via that. This way the storage account will not be exposed directly.

    https://learn.microsoft.com/en-us/azure/storage/blobs/storage-custom-domain-name?tabs=azure-portal#map-a-custom-domain-with-https-enabled

    With CDN, it provide an option of re-witing the rules as well so you can generate a URL along with SAS at the CDN level which will help controlling the security as well.

    Let me know if there are any further queries/concerns, will be glad to assist.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
  2. Sumarigo-MSFT 45,416 Reputation points Microsoft Employee
    2024-03-12T05:19:18.0366667+00:00

    @Madan, Mohit Adding more information to the above response!
    Yes, you can hide the storage account name in the URL within the browser by using a custom domain name or a CNAME record. Here are the general steps you can follow:

    Register a custom domain name that you want to use for your storage account. You can do this through a domain registrar or through Azure DNS.

    Create a CNAME record that maps your custom domain name to your storage account name. You can do this through your domain registrar or through Azure DNS.

    Configure your storage account to use your custom domain name. You can do this through the Azure portal or using the Azure Storage REST API.

    Access your storage account using the custom domain name instead of the storage account name. For example, you can access your file using the URL https://my-custom-domain.com/container/ABC.docx instead of https://my-storage-account-name.blob.core.windows.net/container/ABC.docx.

    By using a custom domain name or a CNAME record, you can provide an alias name for your storage container and hide the storage account name in the URL within the browser.

    I hope this helps! Let me know if you have any other questions.

    1 person found this answer helpful.
    0 comments
  3. Olaf Helper 43,246 Reputation points
    2024-03-11T19:33:40.6133333+00:00

    preventing the storage name from being exposed in the browser.

    The name is a major (mandatory) part of the URL, how could it ever work without?

    It can't.

    0 comments