F5 Bot Defense for Salesforce Commerce Cloud – Protect Your E-Commerce Site From Unwanted Bots and Illegitimate Traffic (1 of 2)
This article is the first in a two-part series. Go to Part 2 here.
Introduction
Effective security matters to every retailer of every size because attacks continue to increase, whether engineered by humans or automated by bots. To help all our e-commerce customers succeed, F5 has made security easy to adopt and offers a wide range of integrations, including with cloud-based commerce platforms like Salesforce Commerce Cloud (SFCC). F5 Bot Defense integrates directly into the SFCC storefront and protects your digital business against unwanted bots and illegitimate traffic. Website owners and developers can gain full visibility, protect against credential stuffing, fraud & abuse attacks, and other advanced attacks that bypass traditional security controls.
In this article, you will learn how to configure and customize the F5 Bot Defense solution for your SFCC site. The solution is delivered as a certified cartridge and supports both the legacy Site Genesis Salesforce Commerce Cloud eCommerce sites and the modern Storefront Reference Architecture (SFRA) sites.
Note: This article contains a fair number of references to Shape Security-related offerings including Shape Enterprise Defense. Shape Security was acquired by F5 in 2020 and many of the products and offerings are currently undergoing a rebranding effort. During a period of time, you will continue to see the Shape branding reflected in the user interface, some settings, and occasionally in product references.
Figure 1: F5 Bot Defense for Salesforce Commerce Cloud
Deployment Steps
The F5 cartridge can be deployed with either Storefront Reference Architecture (SFRA), a controller-based SiteGenesis site, or a pipeline-based SiteGenesis site. The deployment steps outlined below were tested for Salesforce B2C Version 21.7, Compatibility mode 21.2, and SFRA version 6.0.0.
Prerequisites
F5 Bot Defense requires an API key and a header prefix string for your e-commerce website to connect to the backend engine. Please contact your F5 account team or F5 customer services for any help in obtaining the API key and the prefix string.
Step 1: Install the F5 Cartridge and Import the Metadata
Firstly, you will install the F5 Cartridge and set up the business manager, for integrating F5 Bot Defense with SFCC.
Download and Install the F5 Bot Defense Cartridge
Deploy the F5 Bot Defense cartridge using Salesforce UX Studio for Eclipse. Alternatively, you can use Visual Studio code with the Prophet Debugger extension.
- Download the F5 cartridge from the SFCC LINK Marketplace by clicking on the Download Integration button.
- Establish a new digital server connection with your SFCC instance.
- Import cartridges to the workspace in Salesforce UX Studio.
Figure 2: F5 Bot Defense cartridge imported into the workspace within Salesforce UX Studio
- Add the cartridge to the Project Reference of Server Connection.
Figure 3: F5 Bot Defense cartridge added to the Project Reference of Server Connection
- Wait until the Studio completes the workspace build and uploads source codes to the sandbox.
Assign the F5 Bot Defense Cartridge to the Storefront Site
- In the SFCC Business Manager portal, navigate to Administration > Sites > Manage Sites. On the Storefront Sites webpage, click on your site name.
- Next, click on the Settings tab on the site webpage.
- At the beginning of the cartridge path, add the following: int_f5:int_f5_sfra:
- When done, press the Apply button.
Figure 4: F5 Bot Defense cartridge path added to the Storefront site
Import the Metadata
To add the newly configured setting to the Storefront site, you will need to import the pre-defined metadata:
- Open the downloaded cartridge package and navigate to the /metadata/f-five folder.
- Click on the Sites folder and rename the RefArch folder to the ID of your storefront site specified in the Business Manager. Then, zip the f-five folder.
- Navigate to Administration > Site Development > Site Import & Export.
- Under the Upload Archive section, upload the f-five.zip file and click on the Import button.
Figure 5: Import the pre-defined metadata for the site using the ‘Site Import & Export’ feature
Continue reading Part 2 here.