Book a demo
Connect with us to explore our solutions or request a personalized offer
How We Built Layered Defense Against Web Scraping for an Automotive Marketplace
28 May, 2026 | 5 min
A product IT company develops and operates a unique online service for searching, buying, and selling cars.
The service is built on a multifunctional marketplace available through web and mobile apps. On the marketplace, users can search, buy, and sell new and used cars, apply for loans, and receive insurance, car selection, inspection, and delivery services.
In recent years, the main threat to the service has been the scraping of unique marketplace content by advanced bots.
The service is built on a multifunctional marketplace available through web and mobile apps. On the marketplace, users can search, buy, and sell new and used cars, apply for loans, and receive insurance, car selection, inspection, and delivery services.
In recent years, the main threat to the service has been the scraping of unique marketplace content by advanced bots.
"The main threat to marketplaces right now is web scraping. Bot operators actively parse listings and prices so that competitors can use the data to build analytics, adjust their offerings more flexibly, understand our car inventory, and stay current on new products."
CISO, Automotive Marketplace
Challenge
Beyond defending against web scraping and business logic abuse, the marketplace’s cybersecurity team aimed to improve traffic quality. The analysts needed a true view of actual traffic by filtering out parasitic activity, including illegitimate requests that standard analytics tools often treat as legitimate.
"In addition to anti-scraping protection, we wanted a tool to improve traffic quality. In particular, we needed to identify advanced bots coming from mobile farms that use IP addresses to quietly exploit the business logic of our applications. When such requests are blocked too aggressively, legitimate users can be affected as well, especially if they share the same IP ranges as the bots, for example, on mobile operator networks. We also wanted to clean the traffic so we could understand our actual MAU and DAU metrics."
CISO, Automotive Marketplace
Before Strictera addressed the issue, the client’s cybersecurity specialists tried to combat the advanced bot problem by regularly updating WAF blacklists.
"Our WAF blacklist had grown so large that many legitimate users were being blocked."
CISO, Automotive Marketplace
Then, faced with SMS pumping, the cybersecurity team attempted to curb bots abusing the API’s SMS-sending endpoints by rate-limiting requests to the web server.
"Even if rate limits are configured correctly, more sophisticated automation will inevitably emerge: advanced bots with user-agent substitution can successfully imitate initial user actions in a mobile app. In our own experience, rate limits are only as effective as the sophistication of the bot attack."
CISO, Automotive Marketplace
Solution
Strictera WAAP is a universal solution against malicious automation across websites, mobile apps, and APIs. It solved the client’s problems by protecting against scraping and other malicious bots, including business logic abuse and DDoS attacks.
"As a result, we implemented a deep, layered defense for the marketplace: Strictera WAAP filters DDoS attacks and bots at L3, L4, and L7. For the final layer of defense, we use our own WAF."
CISO, Automotive Marketplace
In addition to protection, Strictera’s decision-making system automatically delivers per-query analytics to the marketplace team.
"Strictera also tags traffic for each protected web resource. With X-verdicts delivered in request headers, we always know exactly who accessed the resource. These per-query verdicts enable us to build deep, reliable analytics of marketplace traffic."
CISO, Automotive Marketplace
Results
Effective protection against any bots at the application level
"Strictera solves the current security challenges of our native products, including web and mobile applications. This applies both to customer services and to internal corporate applications, which are also exposed externally and frequently attacked at the application level. While many providers offer solid protection at L3/L4, not all can effectively clean traffic at L7."
CISO, Automotive Marketplace
Improved infrastructure reliability
To ensure stable availability, the automotive marketplace’s specialists use geo-redundancy by placing network infrastructure components in different data centers.
To ensure stable availability, the automotive marketplace’s specialists use geo-redundancy by placing network infrastructure components in different data centers.
"We have geo-redundancy across two separate clouds. Strictera WAAP enables traffic switching at the weight level between data centers. For example, if one cloud provider’s availability zone degrades, traffic is automatically switched, and marketplace services continue to operate. Together with Strictera, we have learned to maintain the highest reliability standards."
CISO, Automotive Marketplace
Prompt retraining of mobile app traffic
Over three years of collaboration, close cooperation has been established between the marketplace's cybersecurity department and Strictera's analysts.
Over three years of collaboration, close cooperation has been established between the marketplace's cybersecurity department and Strictera's analysts.
"Mobile app traffic is always the most challenging case for an anti-DDoS provider, because it constantly requires retraining. Our mobile app is released frequently, but retraining has never been an issue. We provide Strictera’s technical support with a traffic sample and notify them of any app changes. Strictera’s analysts retrain the system within an hour using real traffic, updating the protective measures."
CISO, Automotive Marketplace
Since 2022, Strictera has been the main provider of protection against automated attacks at L3, L4, and L7, including DDoS attacks, web scraping, and business logic exploitation attempts.
In addition, Strictera WAAP improves marketplace reliability and availability through geo-based load balancing, helping keep online business operations stable 24/7.
In addition, Strictera WAAP improves marketplace reliability and availability through geo-based load balancing, helping keep online business operations stable 24/7.
Book a demo to see Strictera WAAP in action
Strictera
Innovative, scalable, and cost-efficient cybersecurity solutions to safeguard your networks, websites, apps, and APIs from evolving threats
Contact us by email:
Call the number:
Book a demo
Connect with us to explore our solutions or request a personalized offer
Table of contents