injecting JA4 TLS fingerprint into every HTTP request as header

I'd like to inject the Ja4 tls fingerprint as a request header into every request sent to the origin.

why: to have a relatively unique signature we can track that will be included in all the stacks upstream for correlation and to allow upstream actions to use it as a trusted client key.

how: Add it as a $variable injection the same way the "old" tls fingerprint is currently available as $[tls_fingerprint]. https://docs.cloud.f5.com/docs-v2/multi-cloud-app-connect/how-to/adv-security/configure-http-header-processing

who: security engineers would use this

  • Guest
  • Nov 26 2024
  • Attach files