Skip to content

Terraform module : Ja3FingerPrint BlockList maintainer based on StepFunctions

Latest
Compare
Choose a tag to compare
@psantus psantus released this 04 Jan 23:23

In v2.0.0 the FingerPrint Blacklist

  1. is fed only with Ja3FingerPrints that get blocked multiples times by WAF. To do this, we rely on a CloudWatch Alarm + CloudWatch Log Insights queries, and no longer subscribe to all the logs.
  2. will remove Ja3FingerPrints from the blacklist after a user-defined time, and will only apply blocking on pre-labelled traffic. We do this because Ja3FingerPrint is not specific enough