Geizhals.at

Geizhals.at defends price comparison site with help from Cloudflare

Geizhals.at is an ecommerce business specializing in product price comparisons for Austria and the surrounding region. For over twenty five years, the company has acted as a trusted, independent partner that helps its German-speaking audience to find the right product offer for their needs.

Challenge: Protecting against scraping and DDoS attacks

Geizhals.at’s product and pricing data is a key element of its competitive advantage. However, making this information available to potential customers also exposes it to web scrapers looking to steal the company’s research. This results in a cat-and-mouse game where Geizhals.at develops new detection rules and scrapers attempt to evade them. According to Michael Kröll, Geizhals.at’s CTO, “It’s been a growing challenge to stay in control of our created data. We needed a bot mitigation specialist, which is why we partnered with Cloudflare.”

Geizhals.at is also proud for being known as always up and available to users. However, the rise in larger-scale, more sophisticated distributed denial-of-service (DDoS) attacks threatens this reputation. While the company had defenses in place that minimized downtime, they lacked visibility into the scale and nature of the DDoS attacks that they faced and occasionally needed to respond rapidly to an attack in progress.

Preventing web scrapers from stealing pricing data

Historically, Geizhals.at managed its anti-scraping defenses in-house. The company’s IT team manually developed heuristics and web application firewall (WAF) rules designed to identify and protect against scrapers. These manual heuristics were time-consuming to create and occasionally suffered from false positives, preventing legitimate users from viewing product reviews.

Geizhels was looking for a solution that enabled its engineers to focus on its core business and win back the on average 18 hours per month spent developing anti-scraper defenses. After evaluating various solutions, Geizhals.at selected Cloudflare to act as its first line of defense against these attacks. According to Kröll, “Cloudflare is known as a market leader in fraud detection with global visibility into threats. We liked how seamless onboarding was, especially the API options that allowed us to automate the integration.”

While the company previously avoided working with third-party infrastructure providers, Cloudflare’s global scale and expertise in fraud prevention were critical to managing scraping and DDoS attacks. With attack campaigns originating from all around the world, Geizhals.at needed a distributed defense that could identify and block attack traffic before it reached and placed strain on the company’s on-premises IT infrastructure.

Protecting a reputation for constant uptime

Geizhals.at is proud to be known to its customers in Austria as a site that never has downtime. However, maintaining this reputation has meant significant work for the company’s engineers. Kröll commented, “Before Cloudflare, it was sometimes necessary to do manual interventions on short notice.”

Geizhals.at chose to outsource its anti-DDoS defenses to Cloudflare because it wanted a specialist to help it maintain that reputation in the face of more numerous, sophisticated threats. This decision has dramatically reduced the burden on its IT team, both in terms of workload and DDoS-related stress. Kröll commented, “Cloudflare’s reporting is often the only way we know we’ve been targeted with a DDoS attack.”

Now, Geizhals.at can remain always online with minimal effort from internal teams, thanks to Cloudflare.

Tailoring security to business needs

Cloudflare’s diverse set of product offerings was one of the factors that attracted Geizhals.at. According to Kröll, “As far as I know, there is no one else that provides a WAF and DDoS protection that is both convenient and powerful like Cloudflare.” The company also likes the ability to match the services that it consumes to its business needs with the flexibility to explore and add new features, such as Cloudflare Workers' image transformation capabilities, at their leisure. The Geizhals.at team looks forward to continuing to work with Cloudflare in the future.