BloomNation: Enhancing Website Security and Performance with Fastly

BloomNation is an online retailer that delivers fresh flowers directly from local florists. The company was founded in 2011 and serves customers in 5,000 cities and towns across the United States. In 2019, BloomNation was listed on Built In LA’s 50 Best Small Places to Work list, which significantly boosted their national profile. However, this recognition also attracted a flood of abusive traffic to their website, causing significant operational and customer experience challenges. The company needed a solution that could effectively repel these attacks and provide their engineering team with the ability to quickly identify and manage traffic signals.

BloomNation, an online flower retailer, faced a significant challenge in late 2019 when it was listed on Built In LA’s 50 Best Small Places to Work list. This recognition boosted their national profile but also attracted malicious actors to their website on a larger scale. The company was inundated with abusive attack traffic, including DDOS, SQLi, XSS, and credential stuffing, as malicious actors attempted to scan their web applications. This situation had a significant impact on the organization. Engineers had to divert their attention from building and deploying product features to manually researching and blocking IP addresses to keep the website operational. The surge in traffic also negatively affected the customer experience, with page load times slowing and the site breaking as attack requests increasingly hit their server instances. BloomNation needed a solution that could not only repel these attacks but also provide their engineering team with the ability to rate limit traffic to quickly tag and identify traffic signals based on custom criteria.

BloomNation turned to Fastly's rate limiting features to address their challenge. Fastly's solution allowed BloomNation to easily identify malicious traffic and prevent it from reaching their servers, thereby reducing resource utilization and improving the customer experience. At the height of the attacks, BloomNation had been dedicating three engineers to triage web attacks a few days a week. However, Fastly's tagging and filter features enabled BloomNation to categorize traffic through custom signals, freeing them from manual operations related to identifying abusive web requests. While BloomNation had been able to block IPs from further attacking their applications, the initial requests were still hitting their servers, causing considerable strain on their load balancers, which saw up to 90% CPU consumption. Fastly's rate limiting was able to stop these requests, speed up page load times, and prevent sites from being unavailable for legitimate users. Fastly's tools and features also allowed BloomNation to plan out best practices as the company grows and provided a forward-looking approach to application security.

• The implementation of Fastly's rate limiting features had a significant impact on BloomNation's operations. The solution not only helped the company repel abusive traffic but also improved the efficiency of their engineering team by eliminating the need for manual operations to identify and block abusive web requests. This allowed the engineers to focus on building and deploying product features, which is their core function. Additionally, the solution improved the customer experience by speeding up page load times and preventing the site from breaking due to excessive attack requests. Fastly's solution also provided BloomNation with a secure path forward, enabling them to plan out best practices as the company grows and offering a forward-looking approach to application security.

• Reduced resource utilization by preventing malicious traffic from hitting servers
• Freed up engineering resources from manual operations related to identifying abusive web requests
• Reduced CPU consumption on load balancers from 90% to a significantly lower level