Alpha – Edge protection for an e‑commerce platform
Challenge: A high‑traffic e‑commerce site was suffering from bot abuse and scraping attacks that impacted performance and conversion rates. Existing WAF rules were generic and hard to tune without breaking legitimate traffic.
Our work:
- Performed threat modelling to understand the customer’s abuse patterns and risk appetite.
- Tuned Cloudflare WAF and Bot Management rules, deploying custom rate limits and mitigations without degrading user experience.
- Enabled mutual TLS and API Shield on critical API endpoints to authenticate clients at the edge.
- Implemented Workers to inspect requests, inject custom headers and forward telemetry to the customer’s SIEM.
Outcome: Bot traffic was reduced by 80%, scraping attempts were blocked at the edge and the team gained clear telemetry on attack trends. The engagement delivered increased checkout conversion rates and lowered infrastructure costs.