Score:-2

How do you rate limit an Azure Storage account?

ai flag

I have an Azure storage account that hosts 20 MB files. Users download the files directly from the storage account, and there is no CDN or anything monitoring the traffic. I'm concerned that users can download mass amounts of data, leading to high egress costs for us. Preferably, I want to use a service that costs less than the amount that we would save by using such service.

There are two possible ways I want to solve this:

  1. Limit an IP to 50 downloads a day. This is ideal but might take some time to set up.
  2. Limit an IP to a reasonable rate, like 5 per second. This sounds like something that Azure DDoS Protection is designed to do, though that service costs a lot.

Is there a good solution to enable us to rate limit downloads to our Azure Storage account?

Would the free tier of Cloudflare work for this use case?

MakotoE avatar
ai flag
Just an update to our current solution. We decided to use Cloudflare and it drastically reduced our load without needing to pay a cent. It does require some setup but it was well worth it.
mx flag
Can you provide more details on how Cloudflare helped you? Thanks!
MakotoE avatar
ai flag
@stefan.at.kotlin My solution doesn't answer this question, which is why I only left it as a comment. My need for a rate limiter was for cutting costs. While we don't use Cloudflare's rate limiter, we use it as our CDN. What we pay for are egress costs from Azure which is like 1% of what we originally had before Cloudflare. If you are seeking a simple rate limiter, you can also use Cloudflare's paid option. The answer below is for a more complex solution involving user accounts.
mx flag
Very interesting with the CDN cost! Just wanted to learn more about Cloudfare, now I did, thanks :-)
Score:3
gb flag

I would suggest looking at Share Access Signatures (SAS). While these can't limit bandwidth, you can set expirations. I would envision doing some sort of application on the front end that would require a user to register before downloading and/or CAPTCHA to eliminate bots from downloading. Then the application will create a near-term expiration SAS token that would essentially allow the user to only download the item once.

Configure a SAS expiration policy for the storage account. A SAS expiration policy specifies a recommended interval over which the SAS is valid. SAS expiration policies apply to a service SAS or an account SAS. When a user generates service SAS or an account SAS with a validity interval that is larger than the recommended interval, they'll see a warning. If Azure Storage logging with Azure Monitor is enabled, then an entry is written to the Azure Storage logs. To learn more, see Create an expiration policy for shared access signatures.

https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview

Score:-2
bw flag

You can't limit download as you write. You are paying for read operation on Storage Account and Networking Transfer (download) - two different services.

Check costs of storage: Storage Account Pricing

Maybe you should use different type of resource for your case - ftp ?

I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.