Rewrite Rules Azure front Door to Blob Storage Origin

Modou Diouf 0 Reputation points
2024-03-21T15:21:03.5366667+00:00

Hi,
I have an issue with the rewriting of url rules for requests incoming on azure front door to origin blob storage.
Below my azure front door rewrite rule configuration.
Capture d’écran 2024-03-21 à 16.13.24

And when use try to access to the blob using the front door endpoint
https://edpdemod-fha7znhhgmuscwbt.z01.azurefd.net/images/test i have this result in my browser

<Error>

<Code>ResourceNotFound</Code>

<Message>

The specified resource does not exist. RequestId:7f8a2edf-a01e-0032-7ca1-7be089000000 Time:2024-03-21T15:10:00.5072301Z

</Message>

</Error>

Please can you help me ?
For Infos, i use Front door premium with Private Endpoint enabled.
Thanks !

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
676 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,859 questions
{count} votes

1 answer

Sort by: Most helpful
  1. KapilAnanth-MSFT 45,366 Reputation points Microsoft Employee
    2024-03-22T05:54:25.3733333+00:00

    @Modou Diouf ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    Can you confirm if

    • https://<YourStorageAccount>.blob.core.windows.net/demo/grafana.png and
    • https://<AFDEndPoint>/demo/grafana.png works?
    • Here, in AFD, first make sure the URL works without any Rewrite, then you may proceed with creating Rewrite Rules.

    I believe this error is coming directly from the Storage Account and not from AFD

    • I see you have used Private EndPoint enabled. This would help you provide Network security
    • However, storage account also has Authorization (either via Entra or Access keys).
    • So, make sure that "demo" container is having Anonymous access level set to Container User's image
    • See : About anonymous read access
    • Once done, please let me know if https://<YourStorageAccount>.blob.core.windows.net/demo/grafana.png and https://<AFDEndPoint>/demo/grafana.png works or not?

    NOTE:

    • Public/private Networking access is different from authorization
    • To test https://<YourStorageAccount>.blob.core.windows.net/demo/grafana.png, you will have to allow your Public IP in Storage Account Firewall
    • See : Grant access from an internet IP range
    • For testing, allow every Public IP and test if you are able to access the Storage Account URL as above User's image

    Once you are able to get the Storage Account URI working, please check the same for AFD and let me know the results.

    Cheers,

    Kapil


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.