JA3Fingerprint - Amazon WAFV2
ContentsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

JA3Fingerprint

Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. Amazon WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

Note

You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

You can obtain the JA3 fingerprint for client requests from the web ACL logs. If Amazon WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the Amazon WAF Developer Guide.

Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

Contents

FallbackBehavior

The match status to assign to the web request if the request doesn't have a JA3 fingerprint.

You can specify the following fallback behaviors:

  • MATCH - Treat the web request as matching the rule statement. Amazon WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

Type: String

Valid Values: MATCH | NO_MATCH

Required: Yes

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: