Verizon CDN Premium / SAS Blob Storage Rewrite

Category: azure cdn


NoCopy_ on Fri, 03 Nov 2017 14:56:05

This is actually a reply to

But for whatever reason I can't reply to that thread as all I get is "Unknown Error" (Internal Server Error).


If you wish to keep the SAS token hidden from the end customer completely, you can use a Verizon Premium profile and use a URL rewrite rule to add the SAS URL from the CDN.

Could you please provide more information on how to achieve that?

The URL rewrite feature forces a base path for a destination and that ends up affecting the destination URL at the storage account.

For instance, rule:
URL Rewrite

Results in:
Rewrites to >

The CDN forces either:

in the destination as seen here:

Error message from blob storage:

Sorry, I should also clarify that I am fully aware that it is likely a problem with my regex. So to indicate what I wish to rewrite (essentially just replacing the query string to the SAS token):


NoCopy_ on Sun, 05 Nov 2017 01:28:16

Update: It was, in fact, my regex. For anyone looking for a similar answer, this seems to work to rewrite a CDN token Auth request to a Blob Storage SAS request:

RULE: URL Rewrite

Source: /CDNBASE/CDNPATH/ (dropdown)
Regex: ((?:[^\?]*/)?[^\?/]+)($|\?.*)

Destination: /CDNBASE/CDNPATH/ (dropdown)
Substitution: $1$2&sv=<YOUR SAS TOKEN PARAMS>

Note that in the substitution the initial CDN auth query is included in addition to the SAS token - without it I was getting a 403 Permission Denied.

While I am sure there is a more straightforward regex, this was the only one that worked for me - and I tried many.

Edit: A far more straightforward regex is to simply match the storage container path, e.g.:

Source: /CDNBASE/CDNPATH/ (dropdown)
Regex: (your-storage-path\/.*)

Destination: /CDNBASE/CDNPATH/ (dropdown)
Substitution: $1&sv=<YOUR SAS TOKEN PARAMS>
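
A local check of the two rules posted above, added here as an example and not part of the thread or of the CDN's own rules engine. It assumes the engine matches against the path plus query string relative to the Source base and expands `$1`/`$2` like JavaScript's `replace`; `SAS_PARAMS`, the sample URLs and the helper names are constructed for illustration.

```javascript
// Added example: local approximation of the two URL Rewrite rules from the thread.
// Assumptions: the rules engine matches against the path plus query string relative
// to the Source base, and expands $1/$2 the way String.prototype.replace does.
const SAS_PARAMS = "sv=EXAMPLE&sig=EXAMPLE"; // constructed stand-in for <YOUR SAS TOKEN PARAMS>

const RULES = {
  // First rule from the thread: path in $1, original (CDN auth) query in $2.
  general: {
    regex: new RegExp(String.raw`((?:[^\?]*/)?[^\?/]+)($|\?.*)`),
    substitution: "$1$2&" + SAS_PARAMS,
  },
  // Second rule from the thread: match the storage container path only.
  containerPath: {
    regex: new RegExp(String.raw`(your-storage-path\/.*)`),
    substitution: "$1&" + SAS_PARAMS,
  },
};

// Returns the origin-side URL, or null when the rule does not match.
function rewrite(ruleName, relativeUrl) {
  const { regex, substitution } = RULES[ruleName];
  return regex.test(relativeUrl) ? relativeUrl.replace(regex, substitution) : null;
}

// Blob Storage reads SAS parameters from the query string, so a rewrite that
// leaves them in the path component cannot authorize the request.
function inspect(originUrl) {
  const q = originUrl.indexOf("?");
  const params = new URLSearchParams(q === -1 ? "" : originUrl.slice(q + 1));
  return { hasQuery: q !== -1, sasInQuery: params.has("sv") && params.has("sig") };
}

// Constructed sample requests (the token value is a placeholder).
const SAMPLES = [
  "your-storage-path/report.pdf?CDN_TOKEN_PLACEHOLDER",
  "your-storage-path/report.pdf", // no query string: $2 is empty
  "other-path/report.pdf?CDN_TOKEN_PLACEHOLDER",
];

// Runs every sample through every rule and records where the SAS ended up.
function audit() {
  const rows = [];
  for (const ruleName of Object.keys(RULES))
    for (const url of SAMPLES) {
      const out = rewrite(ruleName, url);
      rows.push({ ruleName, url, out, ...(out ? inspect(out) : {}) });
    }
  return rows;
}

console.table(audit());
```

Under these assumptions both substitutions rely on the incoming request already carrying a query string: without one, the SAS parameters are appended with `&` directly to the path. The first rule also appends the SAS to any path under the Source base, while the second limits it to the named storage path.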