Our DNS implementation allows you to point your site's DNS record to one of our hosted endpoints, providing you with the protection of a white-label, waiting room that can't be bypassed.
This process does involve third-party validation, so it is not unusual for the process to take several hours. If you need to deploy quickly, you may need to run an alternative integration in the short-term.
The DNS implementation is available on CrowdHandler's Standard plan or higher.
Step 1: Switch your domain to DNS implementation
Please remember that by default, subdomains and apex or naked domains are considered unique in CrowdHandler.
Step 2: TLS Certificate Validation
To ensure traffic that traverses through CrowdHandler is secure, the first step that needs to be taken is to generate a valid TLS certificate.
- Click the REQUEST CERTIFICATE button.After a short period of time, you will be provided with a set of DNS instructions.
- Head on over to your DNS control panel and add the record displayed. In the example shown, I'm using Amazon's Route 53 service. Consult the documentation for your DNS control panel if you're unsure or having difficulties with adding the record; alternatively get in touch with firstname.lastname@example.org and we'll be happy to help.
- Once the record has been added, it can take several hours for the certificate to be validated, so go ahead and take care of those pesky admin tasks you've been putting off while setup work continues behind the scenes.
Step 3: Setting your origin
Origin is the domain name of the Web Server or Load Balancer that you would like CrowdHandler to proxy traffic to. As soon as CrowdHandler receives notification that the certificate request is valid, the state of the DNS Settings on your domain will move to a "Set Origin" state.
CrowdHandler DNS origins are limited to domains, meaning that IP addresses will be rejected. If you originally set out to proxy to an IP address, one solution is to set up a subdomain that resolves to the IP address in question e.g. mywebserver.example.com which can then be used as an origin domain.
- CrowdHandler will attempt to detect your origin automatically using a DNS lookup, however, if this is not possible, you will need to add the origin domain yourself.
- With the origin supplied, you can now click Create Distribution to kick-off the creation of your dedicated CrowdHandler endpoint.
- The creation process generally takes between 10-15 minutes to complete.
Step 4 (optional): Configure Waiting Room Exclusions
Out of the box, CrowdHandler will automatically not attempt to queue routes with the following file extensions.
avi css csv eot gif ico jpg js json map mov mpeg mpg ogg ogv ott pdf png svg ttf webmanifest wmv woff woff2 xml
It is your responsibility to omit additional patterns and routes that should not be queued.
Common examples are:
* Paths used for storing static assets and media i.e. /wp-includes/*
* Callback URLs made by third-party payment providers.
* JSON and RSS feeds.
The GIF below demonstrates an example payment callback pattern made by a third party that should bypass any active queue being added to the exclusion list. You can update multiple exclusions at once by adding your patterns on new lines.
Step 5: Testing your domain
Before enabling CrowdHandler protection, we strongly recommend testing out the service first.
After the distribution creation has been completed, instructions on how to set a hosts file entry will be provided, allowing you to send your traffic through CrowdHandler before the general public gets a look in.
Our getting started guide available here walks you through the basics of configuring and customising your waiting room(s).
Finally, when you're ready to enable CrowdHandler, update your DNS records to the values shown in the go-live instructions.
They'll look something like this.
NB: Once CrowdHandler has been enabled, don't forget to remove any local host-file entries that you set for testing!