Enabled anonymous access to contain via browser

Matthew Fleming 20 Reputation points
2024-09-02T16:30:38.2533333+00:00

I have several large files that I need to share with several individuals. These are not private files and they will soon be available for public access on our website. I would prefer to allow anonymous access to these files - and they should be accessible via a web browser.

I have a storage account called MHS. It is configured to allow anonymous blob access. There is a container called 2024.

I have an Azure CDN created (mhs-cdn-1).

However, when I browse to these, I get error messages like:
This XML file does not appear to have any style information associated with it. The document tree is shown below.

<Error>

<script/>

<Code>InvalidQueryParameterValue</Code>

<Message>Value for one of the query parameters specified in the request URI is invalid. RequestId:aa84330b-a01e-0026-4b54-fdafd9000000 Time:2024-09-02T16:25:59.4291613Z</Message>

<QueryParameterName>comp</QueryParameterName>

<QueryParameterValue/>

<Reason/>

</Error>

What am I missing?

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,048 questions
Azure Content Delivery Network
0 comments No comments
{count} votes

Accepted answer
  1. Sina Salam 16,526 Reputation points
    2024-09-02T22:44:29.0933333+00:00

    Hello Matthew Fleming,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you are having InvalidQueryParameterValue error while enabling anonymous access to contain via browser.

    There are many things that can go wrong, with your explanation and error code it shows you're having configuration issues and there's a problem with the query parameters in your request URI.

    There is a similar answer provided for a similar error on this platform (Microsoft Q&A) here: https://learn.microsoft.com/en-us/answers/questions/839442/invalidqueryparametervalue-using-custom-domain

    If this does not resolve your issue, try the followings:

    • Confirm the URL format is correct.
    • Verify your CDN configuration and its origin settings.
    • Clear the CDN cache.
    • Check the access level of your blob container.

    For example, if your storage account name is MHS, your container name is 2024, and you have a blob named examplefile.txt, the URL should be: https://mhs.blob.core.windows.net/2024/examplefile.txt

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    ** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Nehruji R 8,166 Reputation points Microsoft Vendor
    2024-09-03T10:35:06.28+00:00

    Hello Matthew Fleming,

    Greetings! Welcome to Microsoft Q&A Platform.

    I understand that you are facing issues in reading the container, which is enabled for anonymous read access.

    1.Check whether you have enabled it on storage account level or container level.

    It is not recommended to grant anonymous read access to blob data as it presents a security risk. However, if you still want to grant anonymous read access to blob data, you need to understand that the default configuration for an Azure Resource Manager storage account prohibits public access to blob data. If you have enabled anonymous read access to blob data, it may be reset to "False" automatically due to security reasons.

    By default, anonymous access to your blob data is always prohibited. The default configuration for an Azure Resource Manager storage account prohibits users from configuring anonymous access to containers and blobs in a storage account. This default configuration disallows all anonymous access to an Azure Resource Manager storage account, regardless of the access setting for an individual container. When anonymous access for the storage account is disallowed, Azure Storage rejects all anonymous read requests against blob data. Users can't later configure anonymous access for containers in that account. Any containers that have already been configured for anonymous access will no longer accept anonymous requests.

    2.If you are unable to access blob data despite having anonymous access enabled, it might be due to incorrectly targeting the container URL instead of the blob URL. Additionally, the blob could be in an archived state. Ensure you are pointing directly to the blob URL and rehydrate any archived blobs before attempting access. By default, anonymous access is not permitted unless explicitly configured. When enabled, it allows clients to read data without authorization, which can pose a security risk. Ensure anonymous access is only enabled if absolutely necessary.

    To rehydrate an archived blob:

    • Navigate to your Azure Storage account in the Azure portal.
    • Find the archived blob you want to rehydrate.
    • Change the access tier of the blob from "Archive" to "Hot" or "Cool".

    For checking which storage accounts and containers have anonymous access enabled, you can refer to the following resources:

    3.Make sure that you provide sufficient access on the network level.

    https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal

    Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.

    Please do not forget to "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.