Configuring a JA3/JA4 Fingerprint Tag
JA3 and JA4 are fingerprinting techniques for identifying SSL/TLS clients. They analyze TLS handshake metadata to generate unique fingerprints that distinguish different client applications. In dedicated mode, if a layer-7 reverse proxy (for example, ELB) is deployed in front of WAF and passes the client fingerprint to WAF in a header field, you can configure JA3/JA4 fingerprint tags for the domain name protected by WAF. The fingerprints are then transferred to WAF along with the tags, and WAF processes requests based on the TLS fingerprint (JA3) and TLS fingerprint (JA4) conditions configured in the precise protection rule. This can mitigate JA3/JA4 fingerprinting attacks.
Prerequisites
You have connected your website to WAF in dedicated mode. For details, see Connecting a Website to WAF (Dedicated Mode).
Constraints
This function is only supported by dedicated mode access.
Configuring a JA3/JA4 Fingerprint Tag
- Log in to the WAF console.
- Click the icon in the upper left corner and select a region or project.
- (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
- In the navigation pane on the left, click Website Settings.
- On the Website Settings page, click the target website domain name.
- Choose the icon under JA3 Fingerprint Tag or JA4 Fingerprint Tag, enter the corresponding fingerprint tags, and click the icon.
- Set JA3 Fingerprint Tag to X-Forwarded-Tls-Ja3.
- Set JA4 Fingerprint Tag to X-Forwarded-Tls-Ja4.
Figure 1 TLS Fingerprint Identifier
Follow-up Operations
You can add a precise protection rule and configure TLS fingerprint (JA3) and TLS fingerprint (JA4) tags for the rules to process requests carrying JA3 and JA4 fingerprints.
- Return to the management console. In the navigation pane on the left, choose Policies.
- Click the target policy and enable Precise Protection.
- Click Add Rule and specify parameters.
Figure 2 Adding TLS Fingerprint (JA3) or TLS Fingerprint (JA4) tag for a rule
- Condition: Set Field to TLS fingerprint (JA3) or TLS fingerprint (JA4), and set Logic and Content as required.
- Configure other parameters by referring to Configuring a Precise Protection Rule.
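The following Python sketch is an added example, not code from the WAF documentation or product. It shows how a JA3 value is derived from ClientHello fields and why a rule on the forwarded header is only reliable when the front proxy overwrites any client-supplied copy. The functions `proxy_forward` and `rule_blocks`, the sample ClientHello and the overwrite behaviour are assumptions for illustration; only JA3 is computed, and the header names are the tag values configured above.

```python
import hashlib

# Header names are the tag values this page tells you to configure.
JA3_HEADER = "X-Forwarded-Tls-Ja3"
JA4_HEADER = "X-Forwarded-Tls-Ja4"


def is_grease(value):
    """GREASE placeholders (0x0a0a, 0x1a1a, ... 0xfafa) are excluded from JA3."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def ja3_string(version, ciphers, extensions, curves, point_formats):
    """JA3 input: five comma-separated fields, decimal values joined by '-'."""
    fields = [[version], ciphers, extensions, curves, point_formats]
    return ",".join("-".join(str(v) for v in f if not is_grease(v)) for f in fields)


def ja3_hash(*hello):
    """JA3 fingerprint: MD5 hex digest of the JA3 string."""
    return hashlib.md5(ja3_string(*hello).encode("ascii")).hexdigest()


def proxy_forward(client_headers, hello):
    """Hypothetical proxy step: drop client-supplied fingerprint headers, then
    set the JA3 header from the handshake the proxy itself terminated."""
    reserved = {JA3_HEADER.lower(), JA4_HEADER.lower()}
    headers = {k: v for k, v in client_headers.items() if k.lower() not in reserved}
    headers[JA3_HEADER] = ja3_hash(*hello)
    return headers


def rule_blocks(headers, blocked_ja3):
    """Stand-in for a precise protection rule with Field = TLS fingerprint (JA3)."""
    return headers.get(JA3_HEADER, "").lower() in blocked_ja3


# Constructed ClientHello values (not captured traffic); 0x0A0A and 0x1A1A are GREASE.
HELLO = (771, [0x0A0A, 4865, 4866, 49195], [0x1A1A, 0, 10, 11], [0x0A0A, 29, 23], [0])
BLOCKED = {ja3_hash(*HELLO)}

if __name__ == "__main__":
    spoofed = {"Host": "www.example.com", "x-forwarded-tls-ja3": "0" * 32}
    forwarded = proxy_forward(spoofed, HELLO)
    print(ja3_string(*HELLO))
    print(forwarded[JA3_HEADER], rule_blocks(forwarded, BLOCKED))
```

If the proxy passed the client's own header through unchanged, the constructed request above would reach the rule with the all-zero value and would not match the blocked fingerprint.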
Operation Result Verification
- Clear the browser cache and access the protected website. The request is blocked.
- Return to the WAF console. In the navigation pane on the left, choose Events. On the displayed page, view the event log.