maskit commented on code in PR #12995: URL: https://github.com/apache/trafficserver/pull/12995#discussion_r2962956230
########## plugins/experimental/jax_fingerprint/config.h: ########## @@ -0,0 +1,66 @@ +/** @file + + @section license License + + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + */ + +#pragma once + +#include "ts/ts.h" +#include "method.h" + +#include <string> +#include <unordered_set> + +enum class Mode : int { + OVERWRITE, + KEEP, + APPEND, +}; + +enum class PluginType : int { + GLOBAL, + REMAP, +}; + +// This hash function enables looking up the set by a string_view without making a temporal string object. Review Comment: fixed ########## doc/admin-guide/plugins/jax_fingerprint.en.rst: ########## @@ -0,0 +1,179 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +.. include:: ../../common.defs + +.. _admin-plugins-jax-fingerprint: + +JAx Fingerprint Plugin +********************** + +Description +=========== + +The JAx Fingerprint plugin generates TLS client fingerprints based on the JA4 or JA3 algorithm designed by John Althouse. + +Fingerprints can be used for: + +* Client identification and tracking +* Bot detection and mitigation +* Security analytics and threat intelligence +* Understanding client implementation patterns + + +Plugin Configuration +==================== + +You can use the plugin as a global plugin, a remap plugin, or both. + +To use the plugin as a global plugin, add the following line to :file:`plugin.config`:: + + jax_fingerprint.so --standalone + +To use the plugin as a remap plugin, append the following line to a remap rule on :file:`remap.config`:: + + @plugin=jax_fingerprint.so @pparam=--standalone + +To use the plugin as both global and remap plugin (hybrid setup), have the both without `--standalone` option. + + +.. option:: --standalone + +This option enables you to use the plugin as either a global plugin, or a remap plugin. In other +words, the option needs to be specified if you do not use the hybrid setup. + +.. option:: --method <JA4|JA4H|JA3> + +Fingerprinting method (e.g. JA4, JA3, etc.) to use. + +.. option:: --mode <overwrite|keep|append> + +This option specifies what to do if requests from clients have the header names that are specified +by `--header` and/or `--via-header`. Available setting values are "overwrite", "keep" and "append". + +.. option:: --servernames <servername1,servername2,...> + +This option specifies server name(s) for which the plugin generates fingerprints. +The value must be provided as a single comma separated value (no space) of server names. + +.. option:: --header <header_name> + +This option specifies the name of the header field where the plugin stores the generated fingerprint value. If not specified, header generation will be suppressed. + +.. option:: --via-header <via_header_name> + +This option specifies the name of the header field where the plugin stores the generated fingerprint-via value. If not specified, header generation will be suppressed. + +.. option:: --log-filename <filename> + +This option specifies the filename for the plugin log file. If not specified, log output will be suppressed. + + +Plugin Behavior +=============== + +Global plugin setup +------------------- + +Global plugin setup is the best if you: + * Need a fingerprint on every request + +Remap plugin setup +------------------ + +Remap plugin setup is the best if you: + * Need a fingerprint only on specific paths, or + * Cannot use Global plugin setup + +.. note:: For JA3 and JA4, fingerprints are always generated at the beginning of connections. Using remap plugin setup only reduces the overhead of adding HTTP headers and logging. + +Hybrid setup +------------ + +Hybrid setup is the best if you: + * Need a fingerprint only for specific server names (in TLS SNI extension), and + * Need a fingerprint only on specific paths + + +Log Output +========== + +The plugin output a log file in the Traffic Server log directory (typically ``/var/log/trafficserver/``) if a log filename is +specified by `--log-filename` option. Review Comment: fixed -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
