PromoFarma.com is part of Europe’s largest online pharmacy, Zur Rose Group, selling health, beauty, and personal care products. Based in Barcelona, PromoFarma operates 10 regional websites and sells over 150,000 products on behalf of more than 1000 pharmacies. PromoFarma’s engineering team also builds and supports similar ecommerce businesses for Fastly's edge cloud platform has helped the team improve scalability and security, as well as block automated bots that scrape content from the site.
Industry: Online retail
Location: Barcelona, Spain
Customer since: 2019
Managing growth during a surge of online shopping
As a growing business, PromoFarma needs to handle both vertical and horizontal scale. The team is actively working on rolling out new regional sites while managing increasing numbers of visitors on their existing sites. Since the coronavirus pandemic forced Europeans to stay home and shop online, PromoFarma has seen their traffic increase by almost 30%, and the team expects many of these new customers to stay long term.
If this traffic surge had happened a few months prior, the team would have struggled to manage the load on their servers and databases with their legacy CDN. However, PromoFarma had adopted Fastly in late 2019. By handling traffic at the edge, the site could better avoid capacity constraints or bottlenecks with Fastly’s built-in routing and load balancing features. When the pandemic hit in 2020, PromoFarma servers remained stable and regional sites scaled seamlessly to serve 75 million visitors in 2020, about 6 million visitors per month.
The decision to migrate to Fastly was straightforward for the PromoFarma team. Their technical director had already evaluated several leading CDN providers at a previous job. For PromoFarma, he felt that Fastly’s edge cloud platform had the most to offer his engineers. The platform was flexible, easy to use, included robust security features, and integrated with their existing Terraform deployment workflow.
The PromoFarma stack includes other services that work well with Fastly. The team uses Ansible to configure EC2 machines, and Helm with YAML to manage their Kubernetes clusters. GitLab serves as their code repository and pipeline tool, and most traffic goes through GraphQL as an API gateway.
Fastly’s real-time log streaming sends logs to Datadog for monitoring and analytics. The team was able to configure the integration within five minutes, and now they have CDN and WAF data readily available to help them make better informed decisions.
“Fastly is a product that’s designed with technical people in mind. Our team tried it and loved it right away.”
As an ecommerce site, PromoFarma handles personally identifiable information (PII) data, such as credit card numbers, during normal transactions. It’s imperative to the business that the website handle sensitive data with the highest level of security. The team relies on Fastly’s web application firewall (WAF) for built-in protection against malicious attacks.
Fastly WAF protects against injection attacks, cross site scripting, HTTP protocol violations, and more without negatively impacting site performance. By blocking bad traffic at the edge, Fastly shields PromoFarma’s servers from having to cope with attacks on top of the heavy demand from normal traffic.
Fastly logs have been particularly useful when it comes to mitigating attacks. The PromoFarma team set up dedicated dashboards in Datadog that helps them track patterns and potential threats. When an incident occurs, the team can make immediate changes to their WAF configuration as needed.
“Because we only accept traffic from partners, Fastly’s WAF helps make our servers more stable and secure. It works great for us.”
A common problem for ecommerce sites is price scraping. PromoFarma’s competitors are continually watching the company’s prices, and some send out automated bots to scrape information across the site’s large catalog. The team had considered adopting a dedicated anti-scraping service, which would incur extra costs and engineering time.
With Fastly, the team can better manage bot traffic by writing custom logic in Fastly’s Varnish Configuration Language (VCL) to block bot servers based on their autonomous system number (ASN). The team also wrote VCL to implement a Captcha challenge during login to help filter good traffic from bad. As a result, the team saved time and costs, as well as pushed more data protection power to the network edge and away from their origin.
“We can really tune our CDN with Fastly’s VCL. We’ve been able to write custom logic that cleans up a lot of bot traffic and significantly reduces scraping on our site.”
Next up for PromoFarma is a new site for the Europe market, which has very strict rules around health data security. The team is exploring Fastly’s load balancing feature, which will help them easily switch traffic from their current Amazon infrastructure to different data centers located in different countries, like Germany, Switzerland, Ireland. Load balancing will also offer greater disaster recovery protection for their database fleet at large — if one database goes down, they can immediately redirect traffic to another that’s available. This is yet another opportunity for the team to be better prepared for business growth as PromoFarma moves into new markets across Europe and beyond.