We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

How to Enable Client Fingerprinting

  • Last updated on

The Barracuda Web Application Firewall uses the client fingerprinting capability to increase security. The feature collects information about the browser attributes from all the devices that the client uses during login. The client fingerprinting uses the collected information to identify suspicious clients (potential bots) and recognize web scraping attacks more quickly.  

The Need For Client Fingerprinting

For a very long time, the incoming clients into the applications have been identified using IP addresses. Apparently, this has had the following significant issues with accuracy.

  • When clients are behind a NAT-ed network, blocking an IP address can block other valid users completely.
  • The same client can jump IP addresses or use proxies to hide their actual location.

To pierce this veil and accurately identify clients, the Barracuda WAF uses various client fingerprinting techniques to identify a specific client down to the browser. This means that, when a client is identified with these techniques, it is down to a browser level and any blocks will affect only the specific client.

The Barracuda WAF uses a combination of Active and Passive Fingerprinting techniques along with a cloud-based advanced analysis layer (available with the Advanced Bot Protection subscription) to identify clients uniquely.

Techniques Used

The following are some of the techniques used by the Barracuda WAF to identify clients using fingerprinting:

  • Active Client Fingerprinting based on characteristics of the client’s system.
  • Active Request Analysis based on incoming traffic.
  • Passive SSL Fingerprinting.
  • Active Browser Analysis using an inserted Javascript (Infisecure only in 10.0).

Enabling Client Fingerprinting

To enable client fingerprinting:
  1. Navigate to Basic > Services >Advanced Configuration and set the Enable Client Fingerprinting to Yes.
  2. Navigate to Advanced > System Configuration >Advanced module and set the Enable Client Fingerprinting to Yes.

Viewing Client Fingerprints

Once you enable client fingerprinting, the client fingerprints are displayed on the BASIC > Web Firewall Logs page and BASIC >Access Logs page.

Last updated on