WAF or CDN Related Upgrades Process Guide

Purpose of this Guide

To help you understand the steps involved in implementing Site Upgrades that involve either of the CDN (Content Delivery Network) or WAF (Web Application Firewall) services. The Site Upgrades this applies to are:

  • CDN (Content Delivery Network)
  • WAF (Web Application Firewall)
  • CDN+WAF Bundle
  • Performance+ (CDN+PHP Workers)
  • Uptime+ (Failover+CDN+WAF)
  • Any combination of the above


At this time MODX Cloud Site Upgrades require manual configuration on the MODX Cloud side and the customer side. 

Clicking to add one of the Site Upgrades mentioned above triggers a process:

  1. that sends you through the checkout to add it to your subscription
  2. submits the vital information the MODX support team needs to start implementing the upgrade, and
  3. sets the upgrade selected into a pending-deploy state for the site in the MODX Cloud Dashboard.

Preparing for Implementation

Before adding the upgrade, it is important to know that changes to the site’s DNS will be required on two occasions—one of which is time-limited. 


Here’s what you should do before you order a Site Upgrade:

  • Get or Confirm Access to DNS. If you do not have access to the DNS and need to go to your client, IT person, or someone else to make changes to DNS, it would be good to make that outreach before taking any further steps. 
  • Determine the Primary URL. We need to know if the site uses www or non-www as the primary URL (when you visit the site which is displayed in the browser or which one does Google have indexed?).
  • Lower DNS TTL. Log in or instruct your client to log in to the site’s DNS provider and lower the TTL on the A record(s) for the root domain and www (and any other domains pointed at the Cloud) to 300 seconds or the lowest TTL available. 
  • Be Aware of Time Limits. A step in this process, the SSL certificate issuance at the proxy service expires in 24 hours. If that expires, we will need to reissue the certificate request before we can proceed with the next step. 

Implementation Process

  1. In the MODX Cloud Dashboard, from the Upgrades tab of the Cloud Edit view for the Cloud instance (site) in question, click to add the upgrade you wish to purchase for the site. 
  2. Proceed through the checkout to confirm this addition to the subscription. 
  3. Check the account creator/owner's email for a response indicating we received the request. All requests currently are issued by and are sent to the account creator/owner’s email. We're working to include the member user info in the requests (no ETA). 
  4. The MODX team will configure Stackpath for the site. 
  5. The MODX team will install the Stackpath Secure Edge Extra in MODX for the website and configure it. 
  6. The MODX team will send an email to provide you two (2) options for SSL on CDN:
    1. Option 1 is to create a CNAME record to verify your domain that looks similar to (Note this record expires in 24 hours): 
      _acme-challenge.yourdomain.com to point to dd55bef8-73b4-4e76-90f9-0008b29e289b.stackpath-tls.com.
      _acme-challenge.www.yourdomain.com to point to dd55bef8-73b4-4e76-90f9-0008b29e289b.stackpath-tls.com.
    2. Option 2 is to Point your domain to StackPath ( where you may experience site not secure errors temporarily ) which looks similar to:  
      A record:
      yourdomain.com to point to
      CNAME record:
      www.yourdomain.com to point to u3i41uw2.stackpathcdn.com
  7. Once that is complete, MODX will contact you to point the non-www to a location and the www to another location. This does depend on whether you or your client uses the www as the primary or the root domain (non-www). 

Additional Steps for Uptime+

There are no additional steps required of you or your client to complete this process. 

Uptime+ requires MODX to configure the following:

  1. the failover MODX Cloud instance in a geographically different data center
  2. the domain
  3. web rules
  4. automated sync from the origin site

Once we complete all of these steps, the MODX team will notify you that it’s been completed. 

If anyone on your team would like to verify the failover, feel free to request assistance from the MODX support team. 

Have more questions? Submit a request


Please sign in to leave a comment.