Posted On: Nov 17, 2022

Details: Amazon CloudFront now supports Cloudfront-viewer-ja3-fingerprint headers, enabling customers to access incoming viewer requests’ JA3 fingerprints. Customers can use the JA3 fingerprints to implement custom logic to block malicious clients or allow requests from expected clients only.

A Cloudfront-viewer-ja3-fingerprint header contains a 32-character hash fingerprint of the TLS Client Hello packet of an incoming viewer request. The fingerprint encapsulates information about how the client communicates and can be used to profile clients that share the same pattern. You can add the Cloudfront-viewer-ja3-fingerprint header to an origin request policy and attach the policy to your CloudFront distributions. You can then inspect the header value in your origin applications or in your Lambda@Edge functions and CloudFront Functions, and compare it against a list of known malware fingerprints to block malicious clients. You can also compare the header value against a list of expected fingerprints to allow only requests bearing those fingerprints.
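The comparison described above, written as a CloudFront Functions-style handler. This is an added example, not code from AWS: the list contents are constructed placeholders, the `classify` helper and the `ENFORCE_ALLOWLIST` switch are hypothetical, and blocking requests that lack the header in allow-list mode is an assumed policy choice.

```javascript
// Added example: viewer-request handler in the CloudFront Functions event shape
// (event.request.headers maps lowercase header names to { value: '...' }).
// Every fingerprint below is a constructed placeholder, not a real JA3 hash.
var DENYLIST = ['aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'];
var ALLOWLIST = ['0123456789abcdef0123456789abcdef'];
var ENFORCE_ALLOWLIST = false; // assumption: deny-list mode unless switched on

var JA3_HEADER = 'cloudfront-viewer-ja3-fingerprint';
var JA3_FORMAT = /^[0-9a-f]{32}$/; // a JA3 hash is an MD5 digest: 32 hex characters

// Returns 'allow' or a 'block-*' reason for one request's headers.
function classify(headers, enforceAllowlist) {
  var entry = headers[JA3_HEADER];
  if (!entry || !entry.value) {
    // Header absent, e.g. the attached policy does not include it.
    // Deny-list mode has nothing to match; allow-list mode fails closed.
    return enforceAllowlist ? 'block-missing' : 'allow';
  }
  var ja3 = entry.value.toLowerCase();
  if (!JA3_FORMAT.test(ja3)) {
    return 'block-malformed'; // not a 32-character hex hash, never trust it
  }
  if (DENYLIST.indexOf(ja3) !== -1) {
    return 'block-denylisted'; // the deny list always wins
  }
  if (enforceAllowlist && ALLOWLIST.indexOf(ja3) === -1) {
    return 'block-unlisted';
  }
  return 'allow';
}

function handler(event) {
  var verdict = classify(event.request.headers, ENFORCE_ALLOWLIST);
  if (verdict === 'allow') {
    return event.request; // pass the request on unchanged
  }
  // The reason stays server-side; the client only sees a generic 403.
  return { statusCode: 403, statusDescription: 'Forbidden' };
}
```

A JA3 hash identifies a TLS client configuration rather than an individual client, so unrelated clients built on the same TLS library can share one value; review matches before treating a block list entry as conclusive.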

Cloudfront-viewer-ja3-fingerprint headers are available for immediate use in all CloudFront edge locations. You can enable JA3 fingerprint headers in your CloudFront Console or using the AWS SDK. There are no additional fees to use JA3 fingerprint headers. For more information, see the CloudFront Developer Guide.