The JA3 Fingerprint feature enables you to assess SSL/TLS clients that submit requests to your website, regardless of port, IP address, or HTTP parameters. This capability allows you to recognize users with an SSL/TLS client even if they change their User Agent, port, or IP address.
For example, a financial institution can utilize the JA3 Fingerprint feature to monitor and analyze the SSL/TLS clients accessing their services. By identifying specific fingerprints associated with known malicious activity, they can enhance their security measures against potential threats.
JA3 is crafted to generate a fingerprint of the SSL/TLS client, primarily aimed at providing a distinct identifier for each client based on parameters during the TLS handshake process.
To compute the JA3 Fingerprint, the following values are extracted from the TLS handshake:
By consolidating these values and calculating an MD5 hash, the JA3 Fingerprint for each request is derived.
Enabling the calculation and activation of the JA3 Fingerprint for requests to your website can be accomplished with a single click within the VergeCloud CDN. To turn on this feature, enable the Calculate JA3 Fingerprint option found in the HTTPS settings section.
To access and monitor the JA3 Fingerprint of requests to your website, activate this field in the Log Forwarding menu under the HTTP Requests section to receive its values in your logs.
After retrieving and verifying the JA3 Fingerprint values for each request, you can manage them through the VergeCloud Firewall by identifying malicious requests with identical fingerprints. For this, create a new rule in the VergeCloud CDN's Firewall Settings and set the rule parameter to JA3 Fingerprint. Subsequently, block these requests using the hash values extracted from the logs.