Sucuri DNS Setup
Upon signing into Sucuri for the first time, you will be prompted with a green button that says “Protect My Site Now” - Selecting this will allow you to enter your domain.
While entering your domain, there will be no need to check the other options that are provided. You may then select the “Add Site” button to add your domain to Sucuri.
Sucuri will automatically grab the IP address for a specific Cloudfront edge server. While this does work, it does introduce a single point of failure. To avoid this, we are going to instead provide them with the CNAME for the Cloudfront Endpoint. This can be retrieved from the DNS section of the Stratus panel.
Once we have the Cloudfront CNAME, we can modify the “Hosting IP Address” section of Sucuri. We will be adding the CNAME record from the Stratus panel and removing the single IP address that they detected on their side. When complete, it will look like this.
Now that we have Sucuri pointed to the Stratus panel, we now need to point Stratus to Sucuri. To do this, we will get the IP address of Sucuri which is provided in their overview section.
We will then head back over to the Stratus panel and change the entry pointed to the Cloudfront to the custom IP that was provided by Sucuri.
With this complete, the integration is basically finished! If you scroll back to the top, you will see an option that says “Service is Not Activated” - waiting a few minutes, and then selecting the refresh button next to it will change it to activated.
The last setting you will want to change is in Sucuri under their “Security” section. You will need to enable the option that says "Force passing the hostname via TLS/SSL" - it would look like this;
This completes the basic setup, however, there are further options to customize from there. If you are using Sucuri's option that adds a JS protector in front of your site, you need to whitelist this path for our Google Analytics validation to work properly. You can find more information on those steps here