Web Scraping Protection Integrated with CDN and WAF for Food Retailer

"In 2023, we were suffering from bots that were scraping our catalogs and price lists at night. As our current CDN provider couldn’t protect us, we needed an advanced anti-bot solution to finally fix the problem."

CISO, Food Retailer

Challenge

Solution

"Strictera WAAP detects and blocks DDoS attacks very quickly. We’ve had experiences before where protection would trigger after several minutes' delay. And we’re attacked with depressing regularity. Sometimes our servers would crash before protection kicked in. This didn’t cause serious problems, but even a few minutes of downtime is extremely undesirable for us. Bots have practically disappeared. We’ve basically removed this from our monitoring list. Previously, influxes of malicious bots would increase the load on our servers by an order of magnitude."

CISO, Food Retailer

"We’re not a CDN provider; we have fewer points of presence, and static content distribution isn’t our primary focus. But we needed to set up a proxy so the client wouldn’t lose the CDN benefits. To achieve this, we customized the connection scheme using link interception. The upstream response is proxied to us, and we modify it on the fly without wasting time on redirects. The client receives a ready-made HTML file that already specifies the partner CDN service’s cache servers for retrieving the static content."

CISO, Food Retailer

Results

"Generally, WAF is licensed on a per-request basis in terms of RPS. Previously, to avoid paying for bots on the WAF, we maintained a huge number of blacklists. Maintaining these lists semi-manually based on the previous day’s statistics took engineers at least one man-hour per day. Now, such work simply doesn’t exist; we’ve forgotten about it."

CISO, Food Retailer