Enhancing Security with UltraDNS and UltraWAF Integration
CompletedHello Community,
I’m excited to share some of the initial work I've been doing to integrate our UltraWAF product with UltraDNS using the `lego` client. This integration aims to simplify and automate the management of SSL/TLS certificates.
Abstract
UltraWAF provides a security layer by sitting between your web assets and the internet. It requires SSL/TLS certificates to encrypt traffic, which can be automatically procured and managed using LetsEncrypt and `lego`. `lego` is a CLI tool that handles certificate requests, performs DNS challenges, and cleans up post-process, using your UltraDNS credentials. My goal is to create a simplified process for requesting, renewing, and managing certificates directly within UltraWAF.
Project Links:
Future Considerations
Asset Association: Currently, the `waf_encrypt` script uploads certificates without associating them with specific assets. The next development phase will automate the association of renewed certificates with respective assets in UltraWAF.
HTTPS Redirects via UltraDNS: One significant area of my integration effort will focus on enhancing the security of web forwards created within UltraDNS. Typically, when a user sets up a web forward in UltraDNS, it automatically creates an A record that points to a server tasked with handling redirects. However, these redirects are not encrypted because UltraDNS does not manage SSL/TLS certificates for customer endpoints.
To address this limitation, I’m considering a process to export existing web forwards using the UltraDNS API then, after analysis, converting them into responder policies in UltraWAF. Unlike UltraDNS, UltraWAF has the capability to store and manage SSL/TLS certificates, allowing it to encrypt traffic for these redirects.
This advancement will not only improve security but also streamline the management of HTTPS redirections, ensuring that traffic is not only redirected but also encrypted. This integration represents a key step towards a seamless, secure web experience across products.
Stay Engaged
I encourage everyone to follow and star these projects on GitHub. Your input and feedback are helpful as we continue to develop and refine these integrations. Stay tuned for updates and please share your thoughts and experiences as you use these tools.