AWS waf documentation change
Summary
Added JA4 fingerprint logging documentation with implementation details
Security assessment
Introduces documentation for a new security-related logging feature (TLS fingerprint analysis) but doesn't reference patching vulnerabilities. Enhances security visibility capabilities.
Diff
diff --git a/waf/latest/developerguide/logging-fields.md index ee28ffb51..a27d1b762 100644 --- a/waf/latest/developerguide/logging-fields.md +++ b/waf/latest/developerguide/logging-fields.md @@ -139,0 +140,13 @@ You provide this value when you configure a JA3 fingerprint match in your web AC +**ja4Fingerprint** + + +The JA4 fingerprint of the request. + +###### Note + +JA4 fingerprint inspection is available only for Amazon CloudFront distributions and Application Load Balancers. + +The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. + +You provide this value when you configure a JA4 fingerprint match in your web ACL rules. For information about creating a match against the JA4 fingerprint, see [JA4 fingerprint](./waf-rule-statement-fields-list.html#waf-rule-statement-request-component-ja4-fingerprint) in the [Request components in AWS WAF](./waf-rule-statement-fields-list.html) for a rule statement. +