Protect Your Adobe Commerce Site with F5 Distributed Cloud Services

Now you can use F5 Distributed Cloud Services to protect your Adobe Commerce site against malicious bots, seamlessly authenticate users, and stop online fraud – enabling you to fully maximize your Adobe Commerce investment

  • F5 Distributed Cloud Bot Defense blocks up to 99% of malicious bots and other automated attacks at the origin. 
  • F5 Distributed Cloud Account Protection leverages a real-time, closed-loop AI fraud engine designed to predict and mitigate risky or malicious transactions.
  • F5 Distributed Cloud Authentication Intelligence model’s good user behavior to ensure safe user journeys and reduces unnecessary friction (e.g., MFA, CAPTCHA).

In this article I will show you how to easily setup and configure the bot defense solution as the setup and steps are nearly identical and would be duplicative.

Note:  This article assumes you have both a F5 Distributed Cloud Services account and an Adobe Commerce Account.

Log in to F5’s Distributed Cloud Console


Click the Bot Defense tile

Make sure you are in the correct Namespace. (Tenant’s configuration objects are grouped under namespaces. Namespaces can be thought of as administrative domains.)

Click Add Application

Give your application a Name, Labels, and a Description.  Select the appropriate Application Region.

Next Choose the Connector type as Custom


Click Save and Exit

This takes you back to the Manage Applications Page.

Verify your Application has been deployed.  App Name, Connector Type App ID and the Region are Correct.

 Here you will click on the ellipsis under Actions and copy out the following information:

  • Copy App ID
  • Copy Tenant ID
  • Copy API Key
  • Copy Web API Hostname
  • Copy Telemetry Header Prefix

This will be the information we will need to supply to the Adobe Commerce site to protect your application.

Next Switch to Adobe Commerce and Login.

This will take you to Your Dashboard.

Navigate down the Left Pane and Select Stores. Click Configuration.

Navigate down the Configuration page to F5 Distributed Cloud Services.

Here we will select Distributed Cloud Bot Defense for this article.  You could just as easily Select Account Protection and/or Authentication Intelligence.  I'll cover the others in a follow-on article.

Here you configure the settings that will set all the parameters needed to integrate with F5 Distributed Cloud. (F5XC)

At the very top and most important you need to enable the Service.  This will expose all the other settings we will configure.

Now transfer all the key elements you copied out from the F5XC console:

  • Copy App ID
  • Copy Tenant ID
  • Copy API Key
  • Copy Web API Hostname
  • Copy Telemetry Header Prefix

This information is the base that allows your application to talk to and establish a connection to the F5 Distributed Cloud Console. This is enough to get connected.  Now you would configure the protection you require.

In the sections JS Insertion settings, Login Protection Settings, Protected Endpoints and Web Scraping Settings you will supply names, paths, methods and mitigations to protect your applications from the malicious bots.


All the detailed information and each setting is too much to cover for this introductory article, but I hope this helps you get started.  This shows just how easily and quickly you can set this up. 

Detailed guides will be available to explain each setting.

Although not covered here both Account Protection and Authentication Intelligence are enabled the same way.  Enable the Service in the UI and supply API hostnames and a few details copied from Distributed Cloud Console. 

Related Articles:

Updated Aug 03, 2022
Version 2.0

Was this article helpful?

No CommentsBe the first to comment