We have a Azure storage account which contains static HTML content for a website. Instead of exposing the storage account URL on the Internet, an Azure CDN endpoint was created https://ourendpoint.azureedge.net/ which is exposed to outside world.
Does Azure CDN come with a web application firewall which is what our business analyst claims? I thought only Azure Front Door and Azure application gateway had it?
The storage account itself comes with WAF. In the Azure portal, choose the storage account then "Firewalls and virtual networks". You can restrict access to the storage to the CDN and/or to particular IP addresses.
What exactly are you trying to achieve?
Azure Storage account does not support a WAF, only IP or network restrictions.
Azure CDN has WAF capabilities in public preview: https://docs.microsoft.com/en-us/azure/web-application-firewall/cdn/cdn-overview
Alternatively, you can expose your storage account behind API Management if you want to add an extra security layer and then restrict the traffic to the account only to the one coming from APIM.
