Class: AWSCDK::WAFv2::CfnRuleGroup::JA4FingerprintProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
wa_fv2/cfn_rule_group.rb

Overview

Available for use with Amazon CloudFront distributions and Application Load Balancers.

Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY .

You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the AWS WAF Developer Guide .

Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(fallback_behavior:) ⇒ JA4FingerprintProperty

Returns a new instance of JA4FingerprintProperty.

Parameters:

  • fallback_behavior (String)

    The match status to assign to the web request if the request doesn't have a JA4 fingerprint.



2283
2284
2285
2286
# File 'wa_fv2/cfn_rule_group.rb', line 2283

def initialize(fallback_behavior:)
  @fallback_behavior = fallback_behavior
  Jsii::Type.check_type(@fallback_behavior, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "fallbackBehavior")
end

Instance Attribute Details

#fallback_behaviorString (readonly)

The match status to assign to the web request if the request doesn't have a JA4 fingerprint.

You can specify the following fallback behaviors:

  • MATCH - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
  • NO_MATCH - Treat the web request as not matching the rule statement.


2297
2298
2299
# File 'wa_fv2/cfn_rule_group.rb', line 2297

def fallback_behavior
  @fallback_behavior
end

Class Method Details

.jsii_propertiesObject



2299
2300
2301
2302
2303
# File 'wa_fv2/cfn_rule_group.rb', line 2299

def self.jsii_properties
  {
    :fallback_behavior => "fallbackBehavior",
  }
end

Instance Method Details

#to_jsiiObject



2305
2306
2307
2308
2309
2310
2311
# File 'wa_fv2/cfn_rule_group.rb', line 2305

def to_jsii
  result = {}
  result.merge!({
    "fallbackBehavior" => @fallback_behavior,
  })
  result.compact
end