
JA3 Fingerprint

JA3 Fingerprint allows you to evaluate SSL/TLS clients that send requests to your website, independent of port, IP or HTTP parameters. This means that you can still identify users by their SSL/TLS client even when they change the User Agent, port, IP or...

This feature is available in the Enterprise CDN package.

With the help of JA3 Fingerprint, it is possible to detect and block malicious requests, and requests similar to them, that cannot be identified by common methods such as the requester's IP, User Agent, etc. This feature can also be used to distinguish malicious bots from useful ones.

How JA3 Fingerprint Works

JA3 is designed to create a Fingerprint of the SSL/TLS client. Its main purpose is to provide a unique identifier of this client based on the parameters in the TLS Handshake.

To calculate the JA3 Fingerprint, the following values are first extracted from the TLS Handshake process:

  • SSL/TLS Version
  • List of Offered Cipher Suites
  • List of Offered SSL Extensions
  • Elliptic Curve List (if present)
  • Elliptic Curve Point Formats (if present)

These values are then put together and an MD5 hash is calculated from the result, which gives the JA3 Fingerprint of each request.
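The steps above, as an added Python example (not Arvancloud's own code): it parses a TLS ClientHello record, extracts the five values and hashes them. The string layout (decimal values, "-" inside a field, "," between fields, GREASE values skipped) follows the public JA3 method; the helper names and the sample ClientHello are constructed for illustration.

```python
import hashlib
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}  # RFC 8701 placeholders, skipped by JA3

def _vec(data, size):              # encode a length-prefixed vector
    return len(data).to_bytes(size, "big") + data

def _take(buf, pos, size):         # read one vector; return (data, next_pos)
    n = int.from_bytes(buf[pos:pos + size], "big")
    return buf[pos + size:pos + size + n], pos + size + n

def _u16s(data):                   # 16-bit values with GREASE removed
    vals = struct.unpack(f">{len(data) // 2}H", data)
    return [v for v in vals if v not in GREASE]

def ja3(record):
    """Return (ja3_string, md5_hex) for a TLS record carrying a ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    body = record[9:]                  # skip record (5) and handshake (4) headers
    version = int.from_bytes(body[:2], "big")
    _, pos = _take(body, 34, 1)        # skip version + random, then session_id
    ciphers, pos = _take(body, pos, 2)
    _, pos = _take(body, pos, 1)       # compression methods
    exts, curves, formats = [], [], []
    ext_block, p = _take(body, pos, 2)[0], 0   # empty when no extensions are sent
    while p + 4 <= len(ext_block):
        etype = int.from_bytes(ext_block[p:p + 2], "big")
        data, p = _take(ext_block, p + 2, 2)
        if etype in GREASE:
            continue
        exts.append(etype)
        if etype == 10:                # supported_groups (elliptic curves)
            curves = _u16s(_take(data, 0, 2)[0])
        elif etype == 11:              # ec_point_formats
            formats = list(_take(data, 0, 1)[0])
    fields = [[version], _u16s(ciphers), exts, curves, formats]
    text = ",".join("-".join(map(str, f)) for f in fields)
    return text, hashlib.md5(text.encode()).hexdigest()

def sample_record():  # constructed ClientHello for the demo, not captured traffic
    u16 = lambda *v: struct.pack(f">{len(v)}H", *v)
    ext = lambda t, d: u16(t) + _vec(d, 2)
    exts = (ext(0x2A2A, b"") + ext(0, _vec(b"\x00" + _vec(b"example.com", 2), 2))
            + ext(10, _vec(u16(0x1A1A, 29, 23), 2)) + ext(11, _vec(b"\x00", 1)))
    body = (u16(0x0303) + bytes(32) + _vec(b"", 1)
            + _vec(u16(0x0A0A, 0x1301, 0xC02F), 2) + _vec(b"\x00", 1) + _vec(exts, 2))
    return b"\x16\x03\x01" + _vec(b"\x01" + _vec(body, 3), 2)
```

For the sample record, `ja3(sample_record())` returns the string `771,4865-49199,0-10-11,29-23,0` together with its MD5 hex digest; the server name inside the ClientHello does not affect the result, only the list of extension types does.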

Activate JA3 Fingerprint

Calculating and activating JA3 Fingerprint for your website requests is possible with just one click in Arvancloud CDN. To enable this feature, turn on the "Calculate JA3 Fingerprint" option from the HTTPS settings section.

To access and view the JA3 Fingerprint of your website requests, activate this field in the HTTP Requests section of the "Log Forwarding" menu; its values will then be included in your logs.

After receiving and checking the JA3 Fingerprint values of each request, you can manage them in Arvancloud Firewall by identifying malicious requests that have the same Fingerprint. To do this, register a new rule in Arvancloud CDN's "Firewall Settings" and set the rule parameter to JA3 Fingerprint. Then block these requests using the hash value extracted from the logs.