Code Room
System design · Hard · sd-g618
Subject: WAF bot detection security
Level: Senior–Staff · ~50 min
Common in: Security · Reliability & on-call interviews
Industries: Technology

Question

Design a WAF and bot-detection system fronting an e-commerce platform that sees 3M requests/sec, including aggressive scrapers, inventory-hoarding bots, and credential-stuffing attacks. It must block malicious traffic inline with <5ms added latency, distinguish sophisticated headless-browser bots from real shoppers, and avoid blocking legitimate users (false positives cost revenue). Cover the inline filtering pipeline, the signals you use to score traffic, and the precision-vs-recall trade-off.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
