Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 Bot Defense for Salesforce Commerce Cloud – Protect Your E-Commerce Site From Unwanted Bots and Illegitimate Traffic (1 of 2)

Srikanth7
F5 Employee
F5 Employee

on ‎10-Nov-2021 08:15

This article is the first in a two-part series. Go to Part 2 here.

Introduction

Effective security matters to every retailer of every size because attacks continue to increase, whether engineered by humans or automated by bots. To help all our e-commerce customers succeed, F5 has made security easy to adopt and offers a wide range of integrations, including with cloud-based commerce platforms like Salesforce Commerce Cloud (SFCC). F5 Bot Defense integrates directly into the SFCC storefront and protects your digital business against unwanted bots and illegitimate traffic. Website owners and developers can gain full visibility, protect against credential stuffing, fraud & abuse attacks, and other advanced attacks that bypass traditional security controls. 

In this article, you will learn how to configure and customize the F5 Bot Defense solution for your SFCC site. The solution is delivered as a certified cartridge and supports both the legacy Site Genesis Salesforce Commerce Cloud eCommerce sites and the modern Storefront Reference Architecture (SFRA) sites. 

Note: This article contains a fair number of references to Shape Security-related offerings including Shape Enterprise Defense. Shape Security was acquired by F5 in 2020 and many of the products and offerings are currently undergoing a rebranding effort. During a period of time, you will continue to see the Shape branding reflected in the user interface, some settings, and occasionally in product references.

0EM1T000003KYaQ.png

Figure 1: F5 Bot Defense for Salesforce Commerce Cloud

Deployment Steps

The F5 cartridge can be deployed with either Storefront Reference Architecture (SFRA), a controller-based SiteGenesis site, or a pipeline-based SiteGenesis site. The deployment steps outlined below were tested for Salesforce B2C Version 21.7, Compatibility mode 21.2, and SFRA version 6.0.0.

Prerequisites

F5 Bot Defense requires an API key and a header prefix string for your e-commerce website to connect to the backend engine. Please contact your F5 account team or F5 customer services for any help in obtaining the API key and the prefix string.

Step 1: Install the F5 Cartridge and Import the Metadata

Firstly, you will install the F5 Cartridge and set up the business manager, for integrating F5 Bot Defense with SFCC.

Download and Install the F5 Bot Defense Cartridge

Deploy the F5 Bot Defense cartridge using Salesforce UX Studio for Eclipse. Alternatively, you can use Visual Studio code with the Prophet Debugger extension.

  • Download the F5 cartridge from the SFCC LINK Marketplace by clicking on the Download Integration button.
  • Establish a new digital server connection with your SFCC instance.
  • Import cartridges to the workspace in Salesforce UX Studio.

0EM1T000003KYci.png

Figure 2: F5 Bot Defense cartridge imported into the workspace within Salesforce UX Studio

  • Add the cartridge to the Project Reference of Server Connection.

0EM1T000003KYcg.png

Figure 3: F5 Bot Defense cartridge added to the Project Reference of Server Connection

  • Wait until the Studio completes the workspace build and uploads source codes to the sandbox.

Assign the F5 Bot Defense Cartridge to the Storefront Site

  • In the SFCC Business Manager portal, navigate to Administration > Sites > Manage Sites. On the Storefront Sites webpage, click on your site name.
  • Next, click on the Settings tab on the site webpage.
  • At the beginning of the cartridge path, add the following: int_f5:int_f5_sfra:
  • When done, press the Apply button.

0EM1T000003KYc1.png

Figure 4: F5 Bot Defense cartridge path added to the Storefront site

Import the Metadata

To add the newly configured setting to the Storefront site, you will need to import the pre-defined metadata:

  • Open the downloaded cartridge package and navigate to the /metadata/f-five folder.
  • Click on the Sites folder and rename the RefArch folder to the ID of your storefront site specified in the Business Manager. Then, zip the f-five folder.
  • Navigate to Administration > Site Development > Site Import & Export.
  • Under the Upload Archive section, upload the f-five.zip file and click on the Import button.

0EM1T000003KYc2.png

Figure 5: Import the pre-defined metadata for the site using the ‘Site Import & Export’ feature

 

Continue reading Part 2 here.

Labels:
Version history
Last update:
‎10-Nov-2021 08:15
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC