locked
Blob storage always seems to have a public URL RRS feed

  • Question

  • We've recently setup a blob storage at my company for one of our imports. The problem seems to be that after we went through the security recommendations there is still a public URL to download the files. Via Azure Storage explorer it gives a URL to <name>.blob.core.windows.net/<blob name> which we can still publicly download the file. Is there anyway to stop this via the settings as we see this as a very big security risk.

    Thank you!

    Wednesday, February 26, 2020 8:59 PM

All replies

  • You can block it - so even though the public URL exists, it's not accessible.

    More at https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security

    "To secure your storage account, you should first configure a rule to deny access to traffic from all networks (including internet traffic) on the public endpoint, by default. Then, you should configure rules that grant access to traffic from specific VNets. You can also configure rules to grant access to traffic from select public internet IP address ranges, enabling connections from specific internet or on-premises clients. This configuration enables you to build a secure network boundary for your applications."

    hth
    Marcin

    Wednesday, February 26, 2020 11:22 PM
  • We've recently setup a blob storage at my company for one of our imports. The problem seems to be that after we went through the security recommendations there is still a public URL to download the files. Via Azure Storage explorer it gives a URL to <name>.blob.core.windows.net/<blob name> which we can still publicly download the file. Is there anyway to stop this via the settings as we see this as a very big security risk.

    I'm guessing that Anonymous read access is granted currently, which you can set it to Private (no anonymous access) as given here - 

    https://docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-access-to-resources#set-container-public-access-level-in-the-azure-portal


    If the response helped, do "Mark as answer" and upvote it
    - Vaibhav

    Thursday, February 27, 2020 4:32 AM
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Thursday, February 27, 2020 5:02 AM
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.

    Monday, March 2, 2020 6:48 AM
  • Is there any update on the issue?

    If the suggested answer helped for your issue, do click on "Mark as Answer" and “Vote as Helpful” on the post that helps you, this can be beneficial to other community members.
    Thursday, March 5, 2020 10:45 AM