13 results found
-
Bot prevention measures
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Bot Protection - Challenge suspected bots to confirm user authenticity
- Bot detection with javascript to identify headless browsers
- Any other WAF rules to protect the website from anonymous usage and attacks
Original request:
Please help with implementing the security features below ASAP. There are so many frequent attacks on the website that cause the website to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the…
6 votes -
Manage email suppression list
Allow the management of the email suppression list to which email addresses are added after multiple failure to send email.
Currently there is no visibility to this list.
3 votes -
Enable Cloudflare's leaked credentials detection
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- WAF compromised credentials check
Original request:
Please help with implementing the security features below ASAP. There are so many frequent attacks on the website that cause the website to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
- Bot Protection - Challenge suspected bots to confirm user…
4 votes -
Website Stability via Rate Limiting
Please note: this idea required splitting so that various points may be addressed as information becomes available.
New request:
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of specific countries (Challenge beyond the primary range/limit and block beyond the secondary range/limit)
- Basic Rate Limiting - Can we add a rule with rate limiting to block DoS attacks
Original request:
Please help with implementing the security features below ASAP. There are so many frequent attacks on the website that cause the website to go down.
- Geographical Rate Limiting - Add rules with rate limiting for traffic outside of…
4 votes -
Many customers change their SKU and it's not really supported in Configured Commerce
We have several clients which rename SKUs in their ERP instead of deactivating them and creating a new one, for multiple reasons. Recently one of them asked us to create a "Master UID" for them to map and update our products, but this field is internal only and not visible to the customers, so it's an internal ID used between the ERP, PIM and Configured Commerce to update the product.
Can such a field be added and used as an alternate natural key to simplify everything? It seems to us like a common issue.
3 votes -
We need to be either notified or be able to see the password reset e-mails being suppressed at Optimizely
1 vote -
Export product list from a category
In PIM: I want to export all products that are assigned to a certain category. For example, I have category A with 300 products, and I want to export these 300 products in category A. As for now, when I'm in category A in PIM and click on "products" I get the listed products assigned to category A, BUT I can't export them to an Excel list or other file types.
2 votes -
Reintroduce or Provide Alternative Method to Restrict Access to the Admin Console in Configured Commerce (V3)
As part of our recent internal security audit, we identified a vulnerability related to unrestricted access to the Optimizely Configured Commerce Admin Console.
In the legacy V1 architecture, administrators could restrict Admin Console access by domain or IP range using configuration updates (as described in the Optimizely documentation: https://docs.developers.optimizely.com/configured-commerce/docs/restricting-access-to-admin). However, in the V3 architecture, this capability is no longer supported or configurable within the managed environment.
Our support engagement (Ticket #1788512) confirmed that this feature was not migrated to V3 due to complications with the impersonation feature and has since been deprecated. As a result, customers currently have no…
1 vote -
Disable Weak TLS Cipher Suites (CBC-mode Ciphers) in Managed Commerce Environments
As part of a recent internal and third-party security assessment (conducted by Optiv Security), our organization identified that our Optimizely Configured Commerce production environment (www.whitecap.com) currently supports weak TLS cipher suites, including CBC-mode ciphers.
These ciphers are considered outdated and potentially vulnerable to known cryptographic attacks (e.g., Lucky 13 and BEAST). Security best practices and compliance frameworks (such as PCI DSS, NIST SP 800-52r2, and OWASP guidelines) recommend disabling weak or deprecated cipher suites and enforcing stronger ones such as AES-GCM or CHACHA20_POLY1305 with TLS 1.2+ only.
During our support engagement (Ticket #1789304), the SRE team confirmed that…
1 vote -
Fraud prevention
We are working to resolve ongoing issues with fraudulent ecommerce orders. Frequently, bots have placed orders using stolen credit card information with valid bill-to addresses but random ship-to addresses. Unfortunately, these orders were shipped before we received dispute requests, which forced us to issue credits to customers and resulted in unrecoverable product losses.
We attempted to implement the DataDome solution; however, it was not compatible with Optimizely. I also understand that Optimizely currently uses the Spreedly gateway for credit card processing, and I’m aware that Spreedly provides a fraud prevention solution that is not included with Optimizely.
Could you please…
2 votes -
PIM - History details not shown for latest changes on products
I'm not able to see the latest change history details for some products.
There are two panels with history lists, one to the left and one in the middle under the "history" tab. The list to the left only shows the latest change on the products, but I'm not able to click on it to see the actual change that has been made. I can only see the product status and the date of the change.
On the other hand, the history list in the middle has a drop down where I can click on the different history versions and…
0 votes -
PIM - Improve validation with trailing space characters
The current PIM import process automatically strips trailing space characters from all fields before validating the import. This causes frustrating behavior when a category is named (accidentally or otherwise) with a trailing space character in it.
The import validation strips the space characters from the file, which causes the import to fail with the "Category Name not found" error. The PIM admin then has no good way of identifying that the trailing space character is what is causing the issue since the error does not specify which category is the one not found.
In order to avoid this, I would…
1 vote -
Enable 3DS API Integration Support for Bambora
Bambora currently supports 3D Secure (3DS) authentication, which is an industry-standard security protocol designed to reduce fraud and increase authorization rates during online transactions. However, Configured Commerce does not currently offer out-of-the-box support for Bambora's 3DS API integration.
This would include:
• UI/Settings support to enable/disable 3DS within Bambora configurations.
• Backend integration to perform 3DS authentication flows as part of the payment process.
Priority: high - currently unnecessary risk for TD/Bambora enabled customers to accept online payments without 3DS.
1 vote