Version 3.10 of our Cloud Platform released
Posted on April 2, 2017
Today we released another update to our cloud platform. Our latest update includes a number of significant features, enhancements as well as back-end improvements.
Here are the most notable changes and bug fixes in this version:
General System/Account Changes:
- CSV table export: We added a new feature to the Domains, Change Log and Server Status tables to allow a complete export of all the records on all pages to a single CSV file. Now you can quickly retrieve all records in an easily accessible file for further analysis or archival purposes.
- Cross-site scripting: We improved how the UI and API handle invalid data entries to increase data validation and overall security.
- Change Log additions: We further enhanced the details captured and provided in the change log to better track when changes are being made in the UI or API.
- DNS Importing: We improved the DNS importing functionality substantially to handle a wider variety of different export files from different DNS platforms. This is an ongoing process and we have several more changes in the queue still.
- Invalid SOA email: When a domain was imported with an invalid or missing email address in the SOA record, it would prevent the record from being visible in the UI. Now, even if the email is invalid, it will show properly so it can be easily corrected.
- Secondary domain error message: We adjusted the message shown when hovering over the status icon for secondary domains to provide better guidance on how to make corrections and retry.
- Zone Transfer company option: For resellers, we now allow the creation of zone transfer settings for companies and sub-companies. We also adjusted how the zone transfer settings are selected in the domain edit dialog.
- Last Login to Last Edit: We adjusted the column header from displaying “Last Login” to “Last Edit” for the domains in the table to properly reflect why the user’s name is shown there.
- Deleting resource records: We improved validation when resource records are deleted to better confirm the exact record that will be affected by the delete action.
- DNS updating bug: We corrected an issue where DNS updates may not push to the network if they were completed via the UI and performed in a very specific but rapid fashion.
- SRV record change: We made a few enhancements to SRV records to support different formats for the service part of the record to meet a few specific customer use cases.
- View records toolbar button on domains table: The view records button on the domains table would occasionally malfunction. While it performs the same behavior as double clicking any row, we have fixed it so it works as intended.
- New support for servers created with a FQDN: We’ve always supported creating back-end servers/devices with IPv4 and IPv6 addresses. But now we support creating them with a FQDN (fully qualified domain name) too. This frequently requested feature will support routing traffic to back-end servers at Amazon Web Services, Microsoft Azure, Google Cloud and the like without having to obtain elastic/static/etc. IP addresses. Now, when you create a new device, you’ll be prompted to choose whether to provide an IP address or a FQDN.
- New feature for managing overflow traffic: We added a significant new feature that allows for a greater degree of control over server connections and distribution in the load balancer. The overflow feature allows you to reroute traffic from your primary server group to your failover server group when the total connection count is greater than a specified threshold. This threshold can be configured using a global setting, or a per-server connection setting to accommodate devices of unequal capacity. Overflow also supports persistence with a configurable timeout period to ensure traffic sent to your failover group remains there, if desired.
- WAF Enhancements: We continue to enhance our Web Application Firewall and have now moved firewall profile configuration to a separate tab for easier management and to support upcoming enhancements which will require additional UI real estate. Because firewall profiles are global in nature, they are best located in a more global location, and this move does just that.
- Firewall Access Control List: We added another significant new feature that allows you to create IPv4 or IPv6 Access Control Lists (ACLs) to allow or deny specific IP addresses or ports to your cloud IPs. This serves a number of unique business cases. Here are a few examples:
- You wish to completely block ICMP to your cloud IP, or perhaps allow it only to select source IP addresses, such as your office.
- You want to load balance a sensitive application, like MySQL, but only want to allow access from certain IP addresses, for example, front-end web servers.
- You want to block specific IPs that you have found attacking your site, or ranges of IPs that are known to be malicious or owned by competitive organizations.The Firewall ACL allows you to accomplish all of these objectives and many more.
- WAF UI Cache: Occasionally, when editing multiple Web Application Firewall profiles, a browser cache issue would show the same checked items for more than one profile. This has now been resolved.
- WAF HTML and Content-Type settings change: We made a few enhancements to the WAF Profile settings for the error URL, default content types and the post body limit to better protect web applications right out of the box.
- WAF exception editing: We corrected a bug that would occasionally prevent editing an existing WAF exception rule for a few specific security checks.
- Quick Start Wizard: Often, while adding server ports using the Quick Start Wizard, the dialog would just hang and not properly complete the process. This has now been resolved.
- Server port default values: Adding new server ports into a server wouldn’t always show the default values for Client Idle Timeout and Server Idle Timeout, even though these were set on the back-end and fully functional. These now appear configured by default in the UI.
- Validation alerts: We added a few more validation alerts to the UI to warn users if a setting is being made that is not supported with other settings in their configuration. One example would be using the HTTP protocol with port 443 for SSL traffic. SSL traffic should only be used with the SSL, SSL_PROXY or TCP protocols. Another example would be mapping a public port of HTTP/80 to ANY/80 since these two protocol types are incompatible. A final example might be using the Cookie Insert persistence type with an unsupported protocol.
- DDoS policy attach/detach: We fixed a bug on the back-end when attaching or detaching a DDoS policy from a port. Often the DDoS policy would attach, but not detach correctly.
- Revised back-end server/device port management: We rearchitected how ports are added/edited/deleted for back-end devices to improve how these changes are pushed out to our network. This new architecture improves the performance and availability of servers on our platform. Additionally, we improved back-end validation rules to better detect when an update to the global network is required or not. On occasion, the click of a “save” button in the UI would push a change to the network even though it was not required, wasting processing time on unnecessary tasks.
- DDoS table search: We fixed an issue in the DDoS table where searching for a specific entry would return some results that did not fit the search criteria.
- SSL Cert detach: We corrected a bug where a SSL certificate previously attached using SNI would not properly unset the SNI flag for the cloud IP when it was the last SSL certificate to be removed.
- Cosmetic changes: We made a number of minor cosmetic changes to the UI to improve the overall look and appearance and to ensure smoother operation.