问题描述

环境：

存储V2，美国东部

AppService：美国东部

存储防火墙和虚拟网络设置

- 允许从所选网络进行访问，并且未列出任何网络

- 已关闭所有例外，包括"允许受信任的Microsoft服务..."。$
- 防火墙设置中未列出任何IP

- 在存储不指定任何允许的IP（无论如何都应该无关紧要，因为这些IP指的是Azure之外的那些IP）

Storage firewall and virtual network settings
- Allow access from selected networks is selected and no networks are listed
- All Exceptions have been turned off including "Allow trusted Microsoft services..."
- No IPs listed in firewall settings
- SAS created on Storage doesn't specify any allowed IPs (shouldn't matter anyway since these IPs refer to those outside Azure)

使用SAS我现在尝试从应用服务访问存储，并且能够。这是为什么？如果禁止访问所有网络并且没有例外，那么访问是否应该失败？

Using the SAS I now try accessing the storage from the app service and am able to. Why is that? With disallowing access to all networks and no exceptions, shouldn't the access fail?

推荐答案

IP网络规则对发起的请求没有影响来自与存储帐户相同的Azure区域

IP network rules have no effect on requests originating from the same Azure region as the storage account

编辑：这似乎也在区域之间起作用 - 与文档相矛盾

this appears to be working between regions as well - contradicting the documentation

hth

Marcin

hth
Marcin

这篇关于即使防火墙中未启用任何网络，App Service也可以访问存储的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！