Every online merchant knows that there are many challenges to operating a website, especially an online store. As with any business, visitor numbers can increase dramatically during sales or promotions. What this means is your website will come under severe load due to the spike in visitor traffic. Without proper mitigation, the website will crash and become inaccessible.
When that happens, the online merchant will lose money for every second that the web server is down. Potential customers will be unable to browse your products and make purchases. In addition to this legitimate spike in web visitors, websites also often come under attack by bots or scripts. This is known as a Distributed Denial of Service (DDoS) attack, which is perpetrated by hackers or malicious organizations to disrupt your business.
Fear not! There are techniques to prevent a website from being overloaded. We’ll explore some of the common mitigations below.
Using a CDN to cache static objects
One of the easiest ways to relieve the stress put on your website during heavy traffic is to use a Content Delivery Network (CDN). A CDN is a network of servers that caches content from an origin server and serves it to the end users. Static objects like images are the most common items to cache via a CDN.
How it works is pretty simple. Someone visits a website and the page uses images that are hosted on the CDN servers. When the image is requested from the nearest CDN server and the image is not found, it is then requested from the origin server, i.e., your website, and stored in that CDN server. Since there is now a copy of the images on the CDN server, any subsequent visitors to the page will now just request the images from the CDN, not your website.
An online store has potentially hundreds or thousands of images of products, so using a CDN will take a huge load off your web server. Your website bandwidth usage will also be reduced greatly with the use of a CDN.
Consider the use of auto-scaling instances
Having just one server to host your website is a pretty outdated concept. Not only is that prone to outages due to heavy traffic, you run the risk of server hardware failure. As we’ve mentioned above, an inaccessible website, whatever the reason, means loss of revenue for the online store.
If the current infrastructure of your website revolves around a single physical server, then consider using a Cloud Hosting Provider such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud. These cloud providers have virtual machines which can automatically scale out based on your website traffic load. More instances of the virtual machines will be spawned as the website traffic grows, ensuring that every website visitor is able to use the website.
With minor changes to your website code, you can soon be free of worrying about whether your website can withstand a large crowd of online shoppers.
Implement rate-limiting by IP or user agent
This technique is more for alleviating automated attacks by bots or scripts. Operate a website long enough and someone will come along to try to attack it. Common reasons for these sorts of attacks are to brute force login credentials or to scrape content from the website.
When the attackers use only a small subset of IP addresses or user agents, this is a suitable mitigation to counter the attacks. Web servers like Apache and Nginx have the ability to block IPs or user agents.
If you’re worried about accidentally blocking legitimate users, then implement rate-limiting instead of blocking. For example, real users will not hit a login page many times within a short period of time, hence rate-limiting will be useful here.
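The Python below is an added example, not code from the original article or from any product it mentions: a sliding-window limiter applied only to the login page, keyed on the client IP or the User-Agent, so a burst is answered with HTTP 429 while other visitors and other pages are unaffected. The `/login` path, the limit of 5 requests per 60 seconds and the sample traffic are assumptions constructed for the example.

```python
import time
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds for each key."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # key -> timestamps of accepted requests

    def check(self, key, now=None):
        """Return (allowed, retry_after_seconds) for one request from `key`."""
        now = time.monotonic() if now is None else now
        q = self.hits[key]
        while q and now - q[0] >= self.window:  # drop hits outside the window
            q.popleft()
        if len(q) < self.limit:
            q.append(now)
            return True, 0.0
        return False, self.window - (now - q[0])  # wait until oldest hit expires

def replay(requests, limit=5, window=60, by="ip"):
    """Run (time, ip, user_agent, path) tuples through the limiter, keyed on
    the client IP or the User-Agent; only /login is limited. Returns statuses."""
    limiter = SlidingWindowLimiter(limit, window)
    statuses = []
    for t, ip, ua, path in requests:
        if path != "/login":
            statuses.append(200)
            continue
        allowed, _ = limiter.check(ip if by == "ip" else ua, now=t)
        statuses.append(200 if allowed else 429)  # 429 Too Many Requests
    return statuses

# Constructed sample traffic (documentation IP ranges, not real clients).
SAMPLE = (
    [(t, "203.0.113.7", "script/1.0", "/login") for t in range(8)]  # burst
    + [(3, "198.51.100.20", "Mozilla/5.0", "/login")]               # real user
    + [(4, "203.0.113.7", "script/1.0", "/products")]               # not limited
    + [(65, "203.0.113.7", "script/1.0", "/login")]                 # window moved on
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```

When the site runs on several auto-scaled instances, the counters need to live in a store shared by all of them so that every instance sees the same counts.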
Block rotating proxy servers
When the attacks come via specific IP addresses, they are easy to block. Unfortunately, attackers can employ rotating proxy servers to hit the website. This means every request to the website will be using a different IP address. Traditionally, there is no way to block such attacks without blocking real users.
However, IP2Location has the ability to detect residential proxy servers which are commonly used by rotating proxy server providers. The IP2Proxy PX10 or higher package contains RES proxy types which are the residential proxies. Just query the IP2Proxy data and block the IPs.
There are many other techniques to prevent a website from being overloaded, but we’ve selected those that are easy to implement so your website can operate optimally. Implement the above and you can rest easy that your website can keep making money instead of losing money.