Skip to content

Sucuri DNS Setup

Upon signing into Sucuri for the first time, you will be prompted with a green button that says “Protect My Site Now” - Selecting this will allow you to enter your domain. Screenshot

While entering your domain, there will be no need to check the other options that are provided. You may then select the “Add Site” button to add your domain to Sucuri. Screenshot

Sucuri will automatically grab the IP address for a specific Cloudfront edge server. While this does work, it does introduce a single point of failure. To avoid this, we are going to instead provide them with the CNAME for the Cloudfront Endpoint. This can be retrieved from the DNS section of the Stratus panel. Screenshot

Once we have the Cloudfront CNAME, we can modify the “Hosting IP Address” section of Sucuri. We will be adding the CNAME record from the Stratus panel and removing the single IP address that they detected on their side. When complete, it will look like this. Screenshot

Now that we have Sucuri pointed to the Stratus panel, we now need to point Stratus to Sucuri. To do this, we will get the IP address of Sucuri which is provided in their overview section. Screenshot

We will then head back over to the Stratus panel and change the entry pointed to the Cloudfront to the custom IP that was provided by Sucuri. Screenshot

With this complete, the integration is basically finished! If you scroll back to the top, you will see an option that says “Service is Not Activated” - waiting a few minutes, and then selecting the refresh button next to it will change it to activated. Screenshot

The last setting you will want to change is in Sucuri under their “Security” section. You will need to enable the option that says "Force passing the hostname via TLS/SSL" - it would look like this; Screenshot

This completes the basic setup, however, there are further options to customize from there. If you are using Sucuri's option that adds a JS protector in front of your site, you need to whitelist this path for our Google Analytics validation to work properly. You can find more information on those steps here