E-commerce footwear company VegNonVeg uses F5 Distributed Cloud Bot Defense to protect its online store from bots that caused newly launched shoes to sell out almost immediately. In addition to improving the customer experience and satisfaction, the solution saves staff time, reduces infrastructure costs, and eliminates the risk of bot-driven site outages.
High-demand, limited supply sneakers have become a pop-culture phenomenon with a market value approaching $100 billion, thanks to the “sneakerheads” who collect popular shoes. VegNonVeg opened in 2016 to bring such premium sneakers, including shoes from Nike, Adidas, Converse, Reebok, and others, to Indian consumers. Based in Delhi with storefronts in Mumbai and Bangalore and Bollywood connections, the company draws its name from the idea of enjoying the tastiest from both vegetarian and non-vegetarian cuisines. This “best of everything” philosophy appears in its curated selection of footwear, streetwear, books, and collectibles.
The business makes hot shoes available on advertised dates and sees big surges in website traffic on those launch or “drop” dates. VegNonVeg’s web traffic can jump 50 or 100 times normal and then back down again within an hour, which is why the company uses Amazon CloudFront to quickly scale its infrastructure and maintain availability.
But capacity isn’t enough. VegNonVeg needed to stop traffic from bots. AWS edge security services helped mitigate DDoS attacks but couldn’t prevent customer complaints about shoes selling out in a matter of seconds, thanks to scripted bots purchasing faster than any human.
“There are a lot of malicious bots not giving everybody else a fair chance,” says Kamal Kalra, Director of Operations for VegNonVeg. “The first time, we were shocked. We thought we must have a technical issue.” Analysis helped reveal bots snapping up most or all of the company’s inventory for resellers who, like ticket scalpers, then sold the shoes at inflated prices.
VegNonVeg was still making sales, but not to the sneaker lovers they wanted to serve and without building a customer community for other products. Kalra says, “It’s a double whammy from a business point of view. First, your actual customers are not getting the product, and second, the website experience is bad and it’s a brand reputation problem.”
Meanwhile, bots were consuming database and server capacity and inflating the company’s infrastructure costs. Kalra says, “It was affecting our business a lot.”
The VegNonVeg team tried a host of bot mitigation techniques, from CAPTCHA and honeypots to a web application firewall (WAF) and selective traffic blocking. Some of these attempts introduced friction for customers, and even efforts that worked once quickly failed as the bots adapted and came back stronger than before. Kalra says, “A lot of our time, efficiency, and energy was going into trying to figure out a solution. We tried a lot of things at our end, but the problem wasn’t solved.”
That’s when VegNonVeg turned to F5 for help. The company implemented F5 Distributed Cloud Bot Defense in mid-2022. Kalra says implementation was “very straightforward.” (It’s even easier today, thanks to a prebuilt AWS connector recently introduced by F5.)
Bot attacks and server hits dropped right away, which Kalra calls, “one of the biggest success factors that we could see almost immediately. We solved the bot menace we’ve been facing.”
Kalra praises the ability to fine-tune the protection so it stops highly motivated bots, including those retooled to adapt to defenses, without unnecessary friction for human customers. He also calls his service experience with F5 “exceptional.”
“Being a very small start-up, we weren’t expecting very quick responses, and we weren’t expecting the entire F5 team to work with us.” According to Kalra, VegNonVeg was pleasantly surprised to get both.
He calls the solution’s dashboard and analytics “an eye-opener. F5 gave me insight into a lot of things I wasn’t aware of—other scrapers and crawlers going onto the website that we might not have ever figured out.”
That included 24/7 scraping of inventory records that enabled resellers to know VegNonVeg’s exact sizes and prices even before a shoe launched. Kalra says that was a bigger threat than the automated sales, but Distributed Cloud Bot Defense handled it.
“The moment we stopped the scrapers and crawlers, we completely blindsided the resellers,” he says. “That has been a great experience with F5.”
Kalra shares the F5 dashboard with his executive leadership team to make the solution’s benefits clear.
“Complaints have gone down, our overall customer experience has improved, there are no more server down errors or database writing issues, and the speed on the website has improved,” he says.
He offers a tip for e-commerce security. “If you think something fishy is going on, look for the experts rather than trying to solve it at your end. It’ll save time and money you would have otherwise wasted.”
VegNonVeg picks and chooses its footwear, whether a pair of hyped Nikes or Birkenstock sandals. But for bot mitigation, only one flavor will do: VegNonVeg’s expert of choice is F5.