AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-03-10 · Documentation low

File: waf/latest/developerguide/logging-fields.md

Summary

Added JA4 fingerprint logging documentation with implementation details

Security assessment

Introduces documentation for a new security-related logging feature (TLS fingerprint analysis) but doesn't reference patching vulnerabilities. Enhances security visibility capabilities.

Diff

diff --git a/waf/latest/developerguide/logging-fields.md
index ee28ffb51..a27d1b762 100644
--- a/waf/latest/developerguide/logging-fields.md
+++ b/waf/latest/developerguide/logging-fields.md
@@ -139,0 +140,13 @@ You provide this value when you configure a JA3 fingerprint match in your web AC
+**ja4Fingerprint**
+    
+
+The JA4 fingerprint of the request.
+
+###### Note
+
+JA4 fingerprint inspection is available only for Amazon CloudFront distributions and Application Load Balancers.
+
+The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. 
+
+You provide this value when you configure a JA4 fingerprint match in your web ACL rules. For information about creating a match against the JA4 fingerprint, see [JA4 fingerprint](./waf-rule-statement-fields-list.html#waf-rule-statement-request-component-ja4-fingerprint) in the [Request components in AWS WAF](./waf-rule-statement-fields-list.html) for a rule statement.
+