Azure Storage : Signed IP address for on-premise client for service SAS not working

2022-08-23T06:20:48.927+00:00

I am trying to restrict requests to range of IP addresses in the service SAS but I am getting 403 error.

I have tried to use on-premise IP address as well as range of IP address to try the request from multiple machines. But wasn't successful.

This is how my SAS token looks (truncated signature value):
sp=r&st=2022-08-22T05:46:57Z&se=2022-08-23T13:46:57Z&sip=10.248.88.1-10.248.88.255&spr=https&sv=2021-06-08&sr=b&sig=<calculated-signature>

HTTP 403 This request is not authorized to perform this operation.

<?xml version="1.0" encoding="utf-8"?>
<Error>
<Code>AuthorizationFailure</Code>
<Message>This request is not authorized to perform this operation.
RequestId:e34939c4-e01e-00a0-5fb4-b61523000000
Time:2022-08-23T05:52:22.1043914Z</Message>
</Error>

Has anyone restricted the IP address to a certain IP/on-premise IP address and successfully made a request to azure storage?
If yes could you share me how to do it or what wrong I could be doing?

Referring to Azure documentation: https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas#specify-an-ip-address-or-ip-range

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,731 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,469 questions
0 comments No comments
{count} votes

Accepted answer
  1. Mohammed Altamash Khan 2,081 Reputation points
    2022-08-23T08:00:17.923+00:00

    Hi @Govinda Heggade, Punith Dyapasandra

    1) Which type of storage are you trying to access ? Container , File share etc
    2) Have you check any firewall in between ? I have faced same issue when i mentioned allow IP to access to my Storage account but still they cant access due to firewall blocking the IP. Make sure

    2a) Your storage account IP & port is allowed in firewall bi directional
    2b) Your clients IP are allowed in allowed IP list on Portal

    Regards,
    Mohammed Altamash

    ----------If this answer was helpful , Kindly accept the answer -----------------


0 additional answers

Sort by: Most helpful