AMARA Eliminates 15% Server Load & Ends Bot Incidents With DataDome

15% reduction in server load

100% stable traffic & website performance

Zero bot-related on-call incidents

Retail & e-commerce Scraping

AMARA is the go-to online destination for luxury homeware in more than 100 countries. Scraper bots were aggressively targeting the site, the most exposed endpoint being the product pages. This was causing unpredictable traffic spikes, sometimes up to 10 times the site’s normal load. The team selected DataDome for its efficient bot detection capabilities, seamless integration with AWS CloudFront, and low-risk subscription model. Today, they no longer have traffic spikes or bot-related incidents, and the overall traffic load has been reduced by 15%.

The Challenge: Content theft, traffic spikes, and on-call incidents.

As an online-only business since 2008, AMARA’s battle with bad bots started several years ago. The website’s extensive catalogue, which includes products from more than 300 leading luxury home brands, attracted aggressive scrapers looking to steal its product descriptions and prices. Some bot operators even went as far as setting up clones of AMARA’s pages.

The most noticeable effect of all this unwelcome activity was irregular, unpredictable traffic spikes, which would sometimes trigger performance problems and on-call incidents.

“We could have spikes of more than 10 times our normal baseline load of traffic, and we would have to scale up our server capacity to deal with them,” explains Ross Motley, Head of Web Development at AMARA. “When we investigated, we’d find that it was bots — usually scraping our product pages, but occasionally also doing vulnerability scanning.”

The team were wondering how to prevent vulnerability scanning from bad bots. To stop the malicious visitors, Ross and his team would block the offending IP ranges and suspicious user agents via their WAF. But the approach took up time that could have been better spent on other tasks, and the effectiveness was limited.

“Many of the attacks were very distributed, with regular user agents and thousands of different IPs,” says Ross. “In those cases, it’s very hard to identify the IPs that are causing the problem. So we always had this fear that we’d be faced with a major attack and not have the tools to cope with it.”

The Solution: High performance, low-risk commitment.

The team decided they needed more robust defenses against automated attacks. When they started to research bot protection solutions, DataDome immediately caught their attention.

“This was a rather developer-driven initiative, and we wanted a proof of concept period where we could see real-world results,” Ross explains. “We appreciated DataDome’s transparent pricing, and the opportunity to sign up for a short initial contract period—not everyone we spoke to do things that way. We also liked that we didn’t have to change any of our DNS settings.”

The onboarding process was quick and painless. The team opted to set up DataDome in their AWS CloudFront distribution via the Lambda@Edge service, which simplifies implementation to the extreme.

“Switching on the CloudFront module was almost immediate,” Ross confirms. “It took a little more time to install the JavaScript tag, but there really wasn’t a lot of setup to do. All in all, getting the solution up and running took a week or two, but in actual dev time it was more like a day.”

Of course, performance remained the most important criteria: “DataDome was the first solution we tested, but the performance we saw during the trial made it easy to decide to switch it on and keep it in place,” says Ross.

The Results: Stable traffic load, no more bot-related incidents.

The most important goal for the project—putting an end to the abuse of AMARA’s server resources to restore website performance—was achieved right off the bat.

“We’ve seen a clear reduction in traffic, around 15% overall, and the bots are no longer impacting our website performance. We just don’t get these huge traffic spikes anymore,” Ross observes. “We haven’t had any bot-related incidents since we installed DataDome, including hack attacks from vulnerability scanning bots. We’re also seeing a very low level of false positives, which is great.”

He also likes the insights provided by the DataDome dashboard: “We’ve got really good visibility now, and a very good representation of the split between the bad bots, the good bots, and the gray-zone ones, which DataDome calls commercial bots.”

Whenever there is a significant attack, the team will receive an email notification—but they no longer need to drop everything they were doing and spend the next couple of hours mitigating.

“Those blocked attack notifications are quite interesting, and they’re a great pitch for the product,” smiles Ross. “Just a few days ago, we had an attack which would probably have been our record number of requests per minute. But instead of getting an out-of-hours call, we just got an email informing us that we wouldn’t be getting that call. We’re definitely happy DataDome customers!”