You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
JA3 is a popular client identification, including for DDoS mitigation. Also required for #1381.
Scope
Compute the JA3 hash on the Tempesta TLS layer and implement a rate limiter for each of the JA3 hash. This must be an on-the-fly reconfigurable option, proposed configuration format:
ja3 {
<hash value> <connections per second> <TLS records per second>;
}
UPDATEja4 provides hashes for TCP, TLS, HTTP and even destination measures, so we should move with ja4 and configure which layers should be computed with the hash.
Testing
Please write a test or create a new testing issue for this.
Motivation
JA3 is a popular client identification, including for DDoS mitigation. Also required for #1381.
Scope
Compute the JA3 hash on the Tempesta TLS layer and implement a rate limiter for each of the JA3 hash. This must be an on-the-fly reconfigurable option, proposed configuration format:
e.g. (
0
unlimited, default):Multi-layer JA4 hashes
UPDATE ja4 provides hashes for TCP, TLS, HTTP and even destination measures, so we should move with ja4 and configure which layers should be computed with the hash.
Testing
Please write a test or create a new testing issue for this.
Documentation
Update https://tempesta-tech.com/knowledge-base/Tempesta-TLS/ .
The text was updated successfully, but these errors were encountered: