Note: Meeting Room 7 will be available as an On-Call Room for attendees.

Back To Schedule
Wednesday, August 30 • 15:40 - 16:10
Bots Are Fast, Humans Are Smarter—Eliminate Unwanted Traffic and Defend Against DDoS

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In a world with ever-growing DDoS attacks, L7 attacks give even the most experienced engineers the sweats. Imagine if instead of following easy to detect patterns, bots could mimic the behaviour of customers. Well, that’s exactly what Shopify sees every day during flash sales.

Come and learn how we block nearly all bot traffic on our load balancers without any human intervention. We will share our challenges of differentiating between web crawlers and bots, users behind NATs and bots rotating user agents, as well as fast humans and browser extensions. When the stakes are blocking a customer completing a checkout, misclassification isn’t an option.

This is not yet another machine learning talk, but an example of how simple statistics, heuristics and some sane limits can give great results with minimal complexity. The lessons learned in this talk are applicable to any real-world problem with inexact constraints.

avatar for Felix Glaser

Felix Glaser

Senior Production Security Engineer ☁️ 生产安全工程师 ☁️, Shopify
Felix likes to climb, cycle, and code in Canada. The first two outside and the other one at Shopify, where he works on securing containers and their deployment into the cloud.

Wednesday August 30, 2017 15:40 - 16:10 IST
Meeting Rooms 1+2