Static website hosted on Storage Account (SA) throws 404 when VNet is configured in the SA

suvra jyoti 131 Reputation points
2022-04-01T13:31:57.837+00:00

We have hosted a static website on a Storage Account (GPV2). Under the Security blade of the Storage Account we are seeing the recommendations shown below. We are good with the 3rd recommendation.

[Image: sa-security-recommendations.jpg]

We have configured Azure CDN for this static website. Users will access this website over the Internet. At the moment the Storage Account is being used for this website only.

In order to implement both the highlighted ones, we would need to configure a VNet for the Storage Account (the recommended remediation step on the Azure portal) using the route Networking -> Firewall & VNet.

But on configuring the Storage Account with a VNet, the static website throws an HttpStatusCode: 404 error.

[Image: sa-networking.jpg]

We cannot specify VNet rules here, like allowing an IP address range, since the site is exposed publicly. We also thought of using the IP range of Azure CDN, but those will change every day, so we would need to update the Allowed IP range list every day.

How should we go about implementing the same, or is it not possible/required to implement?

Thanks,


1 answer

  1. Sumarigo-MSFT 40,716 Reputation points Microsoft Employee
    2022-04-04T13:37:21.23+00:00

    @suvra jyoti Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    Yes. This is expected. Azure CDN expects the origin to be publicly accessible. Since you have NSG/Firewall on the Origin, so that will only allow CDN Traffic.

    Presently, CDN does not support Private Endpoint as its origin. However, Azure Front Door Premium supports Private Endpoint as its backend pool.

    This article will guide you through how to configure Azure Front Door Premium tier to connect to your storage account origin privately using the Azure Private Link service.
    Connect Azure Front Door Premium to a storage account origin with Private Link

    If you wish, you may leave your feedback here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    Additional information: Refer to this article: How to Integrate an Azure Storage account with Azure CDN.

    Please let us know if you have any further queries. I’m happy to assist you further.

    ----------

    Please do not forget to [image: screenshot-2021-12-10-121802.png] and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
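The approach the answer points to, sketched with Azure CLI as an added example (not part of the original thread or of the linked Microsoft article): add the static-website endpoint as a Front Door Premium origin over Private Link, approve the pending connection on the storage account, and only then set the storage firewall to deny public traffic. The resource names, region, host name and the `DRY_RUN` wrapper are assumptions; an existing Front Door Premium profile and origin group are assumed, and with `DRY_RUN=1` (the default) the commands are printed instead of executed.

```bash
#!/usr/bin/env bash
# Added example. All names below are placeholders (assumptions), not values from the thread.
RG="rg-web"; SA="examplesite"; AFD="afd-web"; OG="og-static"; LOC="westeurope"
# Constructed host name; read the real one from the account's primaryEndpoints.web.
WEB_HOST="${SA}.z13.web.core.windows.net"
SA_ID="/subscriptions/<subscription-id>/resourceGroups/${RG}/providers/Microsoft.Storage/storageAccounts/${SA}"

# Print the command when DRY_RUN=1 (default); execute it otherwise.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# 1. Register the static-website endpoint as a Private Link origin.
#    Sub-resource type "web" targets the static website endpoint of the account.
add_private_origin() {
  run az afd origin create -g "$RG" --profile-name "$AFD" --origin-group-name "$OG" \
    --origin-name static-site --host-name "$WEB_HOST" --origin-host-header "$WEB_HOST" \
    --priority 1 --weight 1000 --enabled-state Enabled --https-port 443 \
    --enable-private-link true --private-link-location "$LOC" \
    --private-link-resource "$SA_ID" --private-link-sub-resource-type web \
    --private-link-request-message "Front-Door-origin-for-static-site"
}

# 2. List private endpoint connections on the storage account still awaiting approval.
list_pending() {
  run az network private-endpoint-connection list --id "$SA_ID" \
    --query "[?properties.privateLinkServiceConnectionState.status=='Pending'].id" -o tsv
}

# 3. Approve one connection by its resource ID (taken from list_pending output).
approve_connection() {
  run az network private-endpoint-connection approve --id "$1" --description "Approved"
}

# 4. Last step: deny public network traffic at the storage firewall.
#    Doing this before the private link is approved leaves the site unreachable.
lock_storage() {
  run az storage account update -g "$RG" -n "$SA" --default-action Deny
}
```

Run the functions in the numbered order and confirm the site loads through the Front Door endpoint before calling `lock_storage`.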