Microsoft Azure Insights: Web Application Firewall; CLI; Stack Hub; Output formats; API Management

June 23 2020

Microsoft Azure pros share their latest thoughts on secure storage account static sites with a Web Application Firewall, CLI, Stack Hub, output formats and using API Management.

Using a Web Application Firewall to secure a storage account static website

Aidan Finn explored how to use Azure Application Gateway to do content redirection for a storage account static website securely. For a recent website project, he needed cost-effectiveness, security, and the ability to receive content from Azure VMs directly. Storage accounts are resilient and set up with a static site. With a firewall in operation, only traffic coming from  the VM subnet, Web Application Firewall subnet or Azure Application Gateway is allowed through.

According to Finn, there are two potential approaches. In one, the WAF subnet is paired with a Microsoft.Storage service endpoint, thus routing all traffic through Azure's private backbone to the storage account. This offers a combination of high security and low latency. Alternatively, users can swap in a private endpoint in the same VNet as the WAF. Users would need to change the WAF backend pool private IP address configuration. The second option has some advantages, but Finn also identifies some limitations. 

Winget for Azure CLI installation on Windows

About MSDW Reporter

More about MSDW Reporter