Goal: Blob storage can access only from the app service.
So, you want to set the blob storage firewall for inbound traffic.
IP network rules have no effect on requests originating from the same Azure region as the storage account.
See Grant access from an internet IP range
There isn't an App service tag.
ps. When clients request blob storage through app service, blob storage receives not App service IP but Client IP.
When resources are located in a different region, the IP address firewall setting works.
When blob storage uses VNet firewall, app service must be integrated with VNet.
If you want to read what is VNet integration, see VNet integration
Before setting VNet integration, you must check limitations.
Integrate your app with an Azure virtual network - Azure App Service | Microsoft Learn
Add VNet to your app service.
I use "firwall-storage-vnet" VNet as below.
A value of 1 enables your function app to scale when you have your storage account restricted to a virtual network.
You can see the detail about this setting website_contentovervnet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.