lastminute.com is a worldwide travel company that helps customers in 40 countries to search and book travel related products and services. The company operates a portfolio of well-known brands such as lastminute.com, Volagratis, Rumbo, weg.de, Bravofly, Jetcost and Hotelscan, each with its consumer website in multiple languages and own security and performance needs with a total combined traffic that exceeds 60 million unique visitors a month.
Every day, over 23,000 passengers rely on lastminute.com for their travel arrangements. Its sites need to stay online and performant 24/7, and its team must remain vigilant of competitors trying to scrape for business intelligence data.
The Challenge
lastminute.com was being overwhelmed by bot attacks. This came both in the form of bot traffic, which was ruining analytics, and scraper bots mining its sites for pricing and availability data. Much of the challenge stemmed from the fact that lastminute.com’s web application security was being served by its CDN provider, through a third-party service.
Having to go to a third-party for its security needs added an unnecessary layer of complexity and obfuscation. It was not easy for lastminute.com’s team to discern when they were under attack, nor what the extent of the attack was. Protecting new sites, as well as monitoring and customizing the protection of its existing sites, was more complicated than it needed to be. Worst of all, bots were still regularly scraping lastminute.com’s website.
The Cloudflare Solution
Switching to Cloudflare immediately resolved lastminute.com’s performance and security challenges. Cloudflare’s integrated solution accelerates and protects lastminute.com’s sites from one service — no more dealing with middlemen and third-party vendors. And with the Cloudflare API, lastminute.com was able to automate the process of migrating its portfolio of sites to Cloudflare.
Better yet, Cloudflare is more intuitive and affordable than lastminute.com’s previous solutions, and it saw performance improvements right away: lastminute.com’s sites load an average of 20% faster after switching to Cloudflare.
Most important, Cloudflare’s security solutions put a stop to the bot attacks. lastminute.com’s team can now easily see when attacks are being blocked — and they quickly discovered that Cloudflare was blocking 200,000 malicious actions from reaching its network each month.
• lastminute.com was being overwhelmed by bot attacks. By moving to Cloudflare, it was able to mitigate these attacks in one fell swoop.
• Cloudflare blocks 200,000 malicious requests from reaching lastminute.com sites each month.
• lastminute.com’s sites load an average of 20% faster after switching to Cloudflare.
“With Cloudflare we were able to stop hostile bot activity in one fell swoop. By consolidating our security and performance providers into a single service we’ve lowered our total cost of ownership — and Cloudflare’s solution is much easier to use than our previous setup.”
Mirco Patroncini
Director of Platform Engineering, lastminute.com