在Azure Blob存储中托管静态网站时文件的安全性? [英] Security for files when hosting static websites in Azure blob storage?

问题描述

通过使用HTTP重定向，我已经能够在Azure blob中托管静态网站.

I have been able to host a static website in an Azure blob by using an HTTP redirect.

正如我描述的那样

我找到了一种方法，可以使用 子网域和http重定向

I found a way to host a static website in an Azure blob, using a subdomain and an http re-direct

我执行以下操作

1)在Azure中，我创建了一个带有容器的存储帐户(称为docs )具有Blob访问策略.

1) In Azure I create a storage account with a container ( called docs ) that has Blob access policy.

2)我使用存储将静态网站上传到docs容器 资源管理器.这包括子文件夹中的一些PHP文件.

2) I upload my static website to the docs container using the storage explorer. This includes some PHP files in a sub folder.

3)在DNS中，我为子域设置了一个cname记录(称为info 例如)，其别名为myblob.blob.core.windows.net(其中myblob是 我的Blob名称)

3) In the DNS I set up a cname record for a subdomain ( called info say) with alias myblob.blob.core.windows.net ( where myblob is the name of my blob)

4)在DNS中，我创建一个Http重定向，以记录到该文件上 具有url的www的子域 xhttp://info.mydomainname.com/docs/index.html(不带x的拼写.I 在前面放一个x以防止超链接

4) In the DNS I create an Http redirect for record to a file on the subdomain for www with url xhttp://info.mydomainname.com/docs/index.html ( spelt without the x. I put an x in front to prevent the hyperlink )

5)在Azure中，我为info.mydomainname.com创建一个自定义域

5) In Azure I create a custom domain for info.mydomainname.com

然后，如果有人知道PHP的位置，我的网站就会运行 文件，然后他们可以下载它们，这意味着我不能存储秘密 在其中.

My website then works however if someone knows the location of the PHP files then they can download them which means I must not store secrets in them.

有没有办法阻止他们被访问?

Is there a way I can prevent them from being accessed?

我正在为我的容器使用Blob访问策略

I am using a Blob access policy for my container

但是我不能阻止文件的访问(除了名字晦涩)，因此我宁愿不要在Blob中的任何文件中存储秘密.

However I can't prevent files from being accessed ( except for by name obscurity ) thus I would prefer not to store secrets in any files in the blob.

鉴于此，我该如何实现调用API来发送电子邮件的联系表单?

Given that, how can I go about implementing a Contact form that calls an API to send an email ?

推荐答案

将PHP文件部署到Azure blob存储没有意义. PHP脚本 不是静态内容，应该在Web服务器(如Apache，Microsoft IIS等)上执行.

It doesn't make sense to deploy the PHP files to Azure blob storage. PHP scripts are not static content and they should be executed on a web server like Apache, Microsoft IIS etc..

因此，您可以考虑使用Azure App Service托管PHP文件和其他一些静态内容.通过这种方法，无法查看PHP文件的内容，但是，您可以在其中存储秘密.

So, you may consider using Azure App Service to host your PHP files and some other static content. With this approach, the content of PHP files cannot be viewed, however, you can store secrets in them.

有关操作方法，请参见

About how to do that, see Create a PHP web app in Azure.

这篇关于在Azure Blob存储中托管静态网站时文件的安全性?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！