on 10-Nov-2021 08:15
This article is the first in a two-part series. Go to Part 2 here.
Effective security matters to every retailer of every size because attacks continue to increase, whether engineered by humans or automated by bots. To help all our e-commerce customers succeed, F5 has made security easy to adopt and offers a wide range of integrations, including with cloud-based commerce platforms like Salesforce Commerce Cloud (SFCC). F5 Bot Defense integrates directly into the SFCC storefront and protects your digital business against unwanted bots and illegitimate traffic. Website owners and developers can gain full visibility, protect against credential stuffing, fraud & abuse attacks, and other advanced attacks that bypass traditional security controls.
In this article, you will learn how to configure and customize the F5 Bot Defense solution for your SFCC site. The solution is delivered as a certified cartridge and supports both the legacy Site Genesis Salesforce Commerce Cloud eCommerce sites and the modern Storefront Reference Architecture (SFRA) sites.
Note: This article contains a fair number of references to Shape Security-related offerings including Shape Enterprise Defense. Shape Security was acquired by F5 in 2020 and many of the products and offerings are currently undergoing a rebranding effort. During a period of time, you will continue to see the Shape branding reflected in the user interface, some settings, and occasionally in product references.
Figure 1: F5 Bot Defense for Salesforce Commerce Cloud
The F5 cartridge can be deployed with either Storefront Reference Architecture (SFRA), a controller-based SiteGenesis site, or a pipeline-based SiteGenesis site. The deployment steps outlined below were tested for Salesforce B2C Version 21.7, Compatibility mode 21.2, and SFRA version 6.0.0.
F5 Bot Defense requires an API key and a header prefix string for your e-commerce website to connect to the backend engine. Please contact your F5 account team or F5 customer services for any help in obtaining the API key and the prefix string.
Firstly, you will install the F5 Cartridge and set up the business manager, for integrating F5 Bot Defense with SFCC.
Deploy the F5 Bot Defense cartridge using Salesforce UX Studio for Eclipse. Alternatively, you can use Visual Studio code with the Prophet Debugger extension.
Figure 2: F5 Bot Defense cartridge imported into the workspace within Salesforce UX Studio
Figure 3: F5 Bot Defense cartridge added to the Project Reference of Server Connection
Figure 4: F5 Bot Defense cartridge path added to the Storefront site
To add the newly configured setting to the Storefront site, you will need to import the pre-defined metadata:
Figure 5: Import the pre-defined metadata for the site using the ‘Site Import & Export’ feature
Continue reading Part 2 here.