Preventing ad fraud by reducing bot traffic using AWS WAF with AppsFlyer

AppsFlyer helps brands make smarter decisions for their businesses and customers with its advanced marketing measurement, analytics, and engagement technologies. The company serves 80,000 brands around the world, measuring over 12 trillion mobile actions annually.

Founded in 2011, AppsFlyer relied on a traditional CDN with static rule configurations for routing its web traffic. Over time, the company began to near its service limits. “We wanted to act in advance to continue serving our customers,” says Danny Tourgeman, vice president of research and development at AppsFlyer. “We could find workarounds, but it would create a developer experience with a lot overhead.”

The company also needed to limit the amount of fraudulent traffic on its networks without denying service to customers. To filter its web traffic, AppsFlyer wanted a robust, dynamic solution that would require little engineering overhead to maintain. This led the AppsFlyer team to migrate to Amazon CloudFront.

“We learned that Amazon CloudFront could support our current traffic and the volume of traffic that we expect to see in the next couple of years,” says Michael Reznik, engineering group manager at AppsFlyer. “Working alongside the AWS team gave us a lot of the confidence we needed to migrate and enhance our cloud-based capabilities.”

The migration to Amazon CloudFront required aligning 10 independent engineering teams that are responsible for managing more than 20 domains. To accelerate the project, AppsFlyer’s leadership designated individual team leads for each engineering group. These leads provided weekly progress updates and looped in the AWS team for technical support as needed.

AppsFlyer also worked closely alongside the AWS team to control its CDN costs, which meant completing the migration to Amazon CloudFront in under 1 month. “It was mission critical,” says Reznik. “By having very open discussions with the AWS team, we could build a realistic plan for our company.”

While planning its migration, AppsFlyer needed to secure its cloud-based networking infrastructure. Previously, the company relied on granting access to web traffic using allow lists. To replicate these measures, AppsFlyer deployed preconfigured rule sets in AWS WAF to protect its web applications from common exploits.

Because AppsFlyer was already reaching its limits on its CDN, the company opted to migrate its largest and most complex domain to Amazon CloudFront first. While migrating its domains in waves, the company validated that it could maintain the same or better performance as before. “We wanted to do all the difficult work up front to make it simpler for our individual engineering teams to follow in our footsteps and learn best practices,” says Tourgeman.

Since then, the company has focused on developing customized AWS WAF rules to route its traffic more effectively. “Managing static rules used to be a daily stressor for our team,” says Reznik. “Now, we’ve transitioned our engineers to focus on product development and building out our strategic road map instead.”

AppsFlyer completed its migration to Amazon CloudFront on time, marking a major improvement in the company’s developer velocity. “Even today, we get requests to build something within a tight deadline. Our CDN command teams proved that it was possible for us innovate quickly,” says Tourgeman.

Further, by building a highly resilient, secure architecture on AWS, AppsFlyer can maintain 99.9 percent availability while processing 550 billion requests daily. The company has also reduced the amount of web traffic generated from bots by 50 percent. By intercepting this traffic, the company has saved 30 percent on infrastructure costs.

Additionally, AppsFlyer can protect its datasets from marketing ad fraud, helping it deliver relevant, actionable insights to customers. “We improved our data integrity, which is very important to us,” says Reznik. “Using AWS WAF has helped us support our product goals. We can validate the data that is going into our attribution engine.” The company’s goal was not just to protect its systems but to deliver more accurate, trustworthy measurement to its customers. Using the robust, near real-time capabilities of AWS WAF helped AppsFlyer to achieve this at massive scale, facilitating data accuracy and reliability across billions of daily interactions while decreasing alerts and pager duties by 15 percent.

AppsFlyer will continue to improve its custom rule sets in AWS WAF by using generative AI to identify traffic patterns and generate new rule sets. “We’re learning how to build better rules from our data,” says Reznik. “Each new feature that we develop using AWS will help us reduce our development work and take our automations to the next level.”