I've enabled the Storage Account firewall (preview) feature and I have an Azure Web App that can upload and download files from the Storage Account.
Now the Web App reports it cannot access the Storage Account.
When I enabled diagnostics logging, it displays:
1.0;2017-12-15T07:17:02.1274894Z;GetBlobProperties;AnonymousIpAuthorizationError;403;0;0;anonymous;;mystorageaccount;blob;"https://mystorageaccount.blob.core.windows.net:443/container/file5p.pdf";"/";45752938-001e-0099-7f74-754fae000000;0;10.86.184.194:50506;2014-02-14;119;0;75;0;0;;;;;;;;
Other records (not traffic from the Web App) do have IP addresses displayed instead of AnonymousIpAuthorizationError.
Now I cannot enable the firewall since the Web App has an anonymous IP address. Are there any options to enable the firewall and only enable traffic from the Web App?
You could attach the webapp to a virtual network and allow that vNET's/subnet IP range. https://blogs.technet.microsoft.com/canitpro/2015/04/06/step-by-step-connect-an-azure-web-app-to-an-existing-virtual-network/