Bot prevention measures
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Bot Protection - Challenge suspected bots to confirm user authenticity
- Bot detection with javascript to identify headless browsers
- Any other WAF rules to protect the website from anonymous usage and attacks
Original request:
Please help with implementing the below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the…
11 votes -
Fraud prevention
We are working to resolve ongoing issues with fraudulent ecommerce orders. Frequently, bots have placed orders using stolen credit card information with valid bill-to addresses but random ship-to addresses. Unfortunately, these orders were shipped before we received dispute requests, which forced us to issue credits to customers and resulted in unrecoverable product losses.
We attempted to implement the DataDome solution; however, it was not compatible with Optimizely. I also understand that Optimizely currently uses the Spreedly gateway for credit card processing, and I’m aware that Spreedly provides a fraud prevention solution that is not included with Optimizely.
Could you please…
8 votes -
Website Stability via Rate Limiting
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
Original request:
Please help with implementing the below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of…
6 votes -
Sales rep profile + website user
As a sales rep, I would like to be able to see my customers tied to my sales rep profile as well as customers tied to my web users.
Because of this I cannot use my account to make purchases for myself. The only customers I see are the ones tied to my sales rep profile.
5 votes -
Support for Cyncly as a Payment Gateway with Spreedly
We are researching new payment gateway options and are interested in upgrading to Cyncly Payments.
5 votes -
Enable Cloudflare's leaked credentials detection
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- WAF compromised credentials check
Original request:
Please help with implementing the below security features ASAP. There are so many frequent attacks on the website that cause the websites to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
- Bot Protection - Challenge suspected bots to confirm user…
5 votes -
We need to be either notified or be able to see the Password reset e-mails being suppressed at Optimizely
We need to be either notified or be able to see the Password reset e-mails being suppressed at Optimizely
4 votes -
Improve the processing time of Restriction Group Rebuild step
I’m seeing only one CPU core was utilized during the execution of the job Rebuild Search Index. As a result the Restriction Group Rebuild step is very slow, even though there are less than 100 items.
2 votes -
PIM: Export product list from a category
In PIM: I want to export all products that are assigned in a certain category. For example, I have category A with 300 products, and I want to export these 300 products in category A. As for now, when I'm in category A in PIM and click on "products" I get the listed products assigned to category A, BUT I can't export them in an Excel list or other file types.
2 votes -
mission control job to sync user files from sandbox to prod
In the event that a client inadvertently deletes a folder from their media library, resulting in numerous broken images, we propose a solution to enhance efficiency and reduce manual intervention. Currently, we have a mission control job in place to synchronize user files from Production to Sandbox. We recommend establishing a reciprocal mission control job to facilitate the synchronization of user files from Sandbox back to Production. This enhancement would allow for seamless restoration of accidentally deleted user files, eliminating the need for clients to manually re-upload their files.
1 vote -
Azure.AI
Add the Azure.AI library to the list of allowed libraries. Certain Azure features, such as Azure Document intelligence, are very difficult to use without the Azure provided SDKs and classes. The Azure.AI library would enable numerous new customizations with reduced complexity.
1 vote -
Mission Control SQL Server Credentials takes ~10 mins
It's hard to respond to incidents when the credentials alone take 10 minutes to gather. We need faster response time for a variety of reasons. If you have to connect to 6 instances, it takes approximately an hour of time just to get the credentials. It's cumbersome. It should take no more than 60 seconds. Even that adds up on larger cross-customer analyses (which I try to do with outages that have issues that may affect more than one customer).
1 vote -
Data Dog SQL Server Recommendations
To optimize the Configured Commerce databases easily, we need the SQL Server recommendations to exist within Data Dog.
This is easily accessible within Azure App Insights.
1 vote -
Data Dog Profiler
Data Dog has no profiler so we can't do real RCAs for anything that's on it Configured Commerce.
The Data Dog .NET Core profiler does not provide key insights such as Thread Pool Starvation metrics that are necessary. So, even after the upgrade we'll still be missing key information for diagnostics.
1 vote -
Logical Reads on CFG SQL Dashboard
Logical Reads are the most important metric to measure a SQL Server because this metric has no proxy, including CPU or Physical Reads.
1 vote -
Configured Commerce B2B Analytics - allow more than GA4
We would like to use the standard B2B Analytics package included with Configured Commerce. We do not want our data to pass through a GA4 account. We are requesting the ability to use the analytics functionality with an alternative account or platform that allows us to fully own and control our data.
1 vote -
Enhancement Request: OOTB Support for Additional Payment Gateways
Description: We would like to request an enhancement to include "Robot Payment" and "GMO" as the OOTB payment gateway. Currently, these payment gateways are not available OOTB. Providing OOTB support for these gateways would significantly benefit customers operating in regions where these payment providers are widely adopted.
Business Justification: These payment gateways are actively used by our client and are critical for their regional payment requirements. Not available OOTB.
Native or supported integrations would improve adoption of Optimizely Configured Commerce in regions where these gateways are common.
Requested Enhancement: Include the mentioned payment gateways as the OOTB supported option.
…
1 vote -
Reintroduce or Provide Alternative Method to Restrict Access to the Admin Console in Configured Commerce (V3)
As part of our recent internal security audit, we identified a vulnerability related to unrestricted access to the Optimizely Configured Commerce Admin Console.
In the legacy V1 architecture, administrators could restrict Admin Console access by domain or IP range using configuration updates (as described in the Optimizely documentation: https://docs.developers.optimizely.com/configured-commerce/docs/restricting-access-to-admin). However, in the V3 architecture, this capability is no longer supported or configurable within the managed environment.
Our support engagement (Ticket #1788512) confirmed that this feature was not migrated to V3 due to complications with the impersonation feature and has since been deprecated. As a result, customers currently have no…
1 vote -
Disable Weak TLS Cipher Suites (CBC-mode Ciphers) in Managed Commerce Environments
As part of a recent internal and third-party security assessment (conducted by Optiv Security), our organization identified that our Optimizely Configured Commerce production environment (www.whitecap.com) currently supports weak TLS cipher suites, including CBC-mode ciphers.
These ciphers are considered outdated and potentially vulnerable to known cryptographic attacks (e.g., Lucky 13 and BEAST). Security best practices and compliance frameworks (such as PCI DSS, NIST SP 800-52r2, and OWASP guidelines) recommend disabling weak or deprecated cipher suites and enforcing stronger ones such as AES-GCM or CHACHA20_POLY1305 with TLS 1.2+ only.
During our support engagement (Ticket #1789304), the SRE team confirmed that…
1 vote -
PIM - History details not shown for latest changes on products
I'm not able to see the latest change history details for some products.
There are two panels with history lists, one to the left and one in the middle under the "history" tab. The list to the left only shows the latest change on the products but I'm not able to click on it to see the actual change that has been made. I can only see the product status and the date of the change.
On the other hand, the history list in the middle has a drop down where I can click on the different history versions and…
0 votes