OPEN TO WORK

Available for new opportunities! Let's build something amazing together.

Get in touch
ELIO STRUYF

#DevHack: Using Azure CDN with SAS on Verizon Premium

azure storage CDN Azure
post

This post is over a year old, some of this information may be out of date.

In the previous article, I explained how you could use the Shared Access Signature (SAS) in Cloudflare. The reason that I use this approach is to make sure the Azure Storage cannot be publicly accessed. Only via a SAS token blobs can be retrieved or updated. If you want to do this for Azure CDN, I pointed to the documentation to configure this, but it seems that it has changed a bit over time.

{{< blockquote type="info" text="Using Cloudflare to serve your private Azure Storage Blobs

The article I used to configure it on the Verizon CDN was this one which tells you how to hide CDN SAS token using a rewrite rule. You can accomplish this via the Verizon its Rules Engine, which has been updated to version 4 a long time ago. The interface and configuration are a bit different.

Configuring the rewrite rule

When you go to your CDN on the Azure Portal and click on Manage, it will open the Verizon configuration.

On the configuration page, hover over the HTTP Large and click on Rules Engine V4.0.

Show image Rules Engine v4.0
Rules Engine v4.0

You will end up on a page with an overview of all the active policies/rules. Create a new one under Drafts.

Show image New draft policy/rule
New draft policy/rule

Specify the name for your new rule, and click continue. On the Rule builder, you can start creating your new rewrite rule, and this is where it became a bit different.

Click on + Rule and after that, click on +, and choose Match

Show image Create new rule
Create new rule

Set the select category dropdown to General, and the select match dropdown to Always. Click the + under the condition, choose URL for the category, and URL Rewrite for the feature.

In the source input field, add your CDN its internal relative path: /<cdn-ID>/<CDN-name>/(.*).

In the destination input, add the following: /<cdn-ID>/<CDN-name>/$1?sv=2020-02-10&ss=b&srt=o&sp=r&se=2021-02-23T17:24:39Z&st=2021-02-23T09:24:39Z&spr=https&sig=<token>. Replace everything after $1 with your own SAS token from the Azure Storage Account.

Show image Source and destination configuration for rewrite
Source and destination configuration for rewrite

Click on Lock Draft as Policy, which brings you to create the policy deployment screen. Select your environment (Production), add a message, and click on Create Deploy Request.

Show image Create Deploy Request
Create Deploy Request

Now the CDN will start the deployment and will notify if it succeeded.

Show image Waiting on deployment
Waiting on deployment

Related articles

#DevHack: Use Cloudflare CDN for your Azure Storage caching

Azure CDN Hosting

Using Cloudflare to serve your private Azure Storage Blobs

CDN cloudflare Azure

Create an Azure Function to update your Azure Search Index

Azure Functions Node.js

Report issues or make changes on GitHub

Found a typo or issue in this article? Visit the GitHub repository to make changes or submit a bug report.

Comments

Elio Struyf

Elio Struyf

Solutions Architect & Developer Expert

Loading...
Struyf Consulting

Let's build together

Front Matter CMS

Manage content in VS Code

Demo Time

Present from VS Code

Support Buy me a coffee