Hi all,

I am wondering if anyone here has any answers to help solve for this problem. We have a CDN which is used by a public website. The CDN is using Azure CDN / Frontdoor with a custom domain and is connected to the Azure storage blob using a VPN. The Storage blob is setup to only accept connections from the VPN and specified IP addresses and to add new content to the storage blob you need to request elivated permissions via PIM to an RBAC role specific to this storage blob. 

The problem is the company I am working for want to enforce disabling anonymous public access to the storage blob and we can’d use SAS tokens from the website. Our tests show that doing so stops anyone accessing the website from being able to load assets from our CDN.

Is there some way to configure the storage blob to accept anonymous public access only from the CDN while still turning off the anonymous public access on the storage blob?

​Hi all,I am wondering if anyone here has any answers to help solve for this problem. We have a CDN which is used by a public website. The CDN is using Azure CDN / Frontdoor with a custom domain and is connected to the Azure storage blob using a VPN. The Storage blob is setup to only accept connections from the VPN and specified IP addresses and to add new content to the storage blob you need to request elivated permissions via PIM to an RBAC role specific to this storage blob. The problem is the company I am working for want to enforce disabling anonymous public access to the storage blob and we can’d use SAS tokens from the website. Our tests show that doing so stops anyone accessing the website from being able to load assets from our CDN.Is there some way to configure the storage blob to accept anonymous public access only from the CDN while still turning off the anonymous public access on the storage blob?  Read More

​