Build & maintain complex distributed systems
October 1–2, 2017: Training
October 2–4, 2017: Tutorials & Conference
New York, NY

Automated bot squashing: How to build your own bot fighting infrastructure

Felix Glaser (Shopify)
2:25pm3:05pm Tuesday, October 3, 2017
Average rating: ****.
(4.67, 3 ratings)

Who is this presentation for?

  • Anyone who deals with a large volume of unwanted traffic created by bots

Prerequisite knowledge

  • A basic understanding of networking and L7 and DDoS attacks

What you'll learn

  • Learn how Shopify bans bots at scale and fights off DDoS attacks


In a world with ever-growing DDoS attacks, L7 attacks give even the most experienced engineers headaches. Now imagine if instead of following easy-to-detect patterns, bots mimicked customer behavior. That’s exactly what Shopify sees every day during flash sales.

For small stores that release tiny numbers of sought-after products, those products are often resold for a huge profit, creating a situation where, for bad actors, it’s advantageous to buy as many products as quickly as possible. During flash sales, when milliseconds matter, bots buy faster than humans. These bots’ constant search for new products created a constant load on Shopify’s infrastructure and SREs—until the company decided to create an automated system to detect and block nearly all bot traffic on its load balancers.

Felix Glaser offers an overview of this system and shares the challenges Shopify faced differentiating between bots and humans. Bots act as headless browsers or browser extensions, rotate their user agent to appear as NATed users, and mimic human browsing as best they can. When the stakes are real customers unable to complete their checkouts, misclassification isn’t an option.

Join in to learn how Shopify used simple statistics, heuristics, and some reasonable thresholds to block bots on its online stores and cut down up to 50% of its traffic and developed a bot detection software that doubles as a robust DDoS protection system.

Photo of Felix Glaser

Felix Glaser


Felix Glaser is a production engineer at Shopify, where he works on networking and security-related applications. Previously, Felix ran and sold his own startup,, which matched roommates. In his free time, he organizes and plays CTFs for fun.