The Barracuda Web Application Firewall uses client fingerprinting to increase security. The feature collects information about browser attributes from all the devices that the client uses during login. Client fingerprinting uses the collected information to identify suspicious clients (potential bots) and recognize web scraping attacks more quickly.
The Need For Client Fingerprinting
For a very long time, clients connecting to applications have been identified by their IP addresses. This approach has the following significant accuracy issues:
- When clients are behind a NAT-ed network, blocking an IP address can block other valid users completely.
- The same client can jump IP addresses or use proxies to hide their actual location.
To pierce this veil and accurately identify clients, the Barracuda WAF uses various client fingerprinting techniques to identify a specific client down to the browser. Because identification is at the browser level, any block affects only that specific client.
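The two problems with IP-based identification listed above can be measured on sample traffic. The following is an added example, not Barracuda code or Barracuda WAF log output: the records, the fingerprint IDs (`fp-bot`, `fp-user1`, ...) and the request threshold are all constructed, and it assumes each fingerprint is stable and unique per browser.

```python
from collections import Counter

# Constructed sample traffic, NOT Barracuda WAF log output.
# Each record: source IP and a hypothetical browser fingerprint ID.
def _rows(ip, fp, n):
    return [{"ip": ip, "fp": fp} for _ in range(n)]

REQUESTS = (
    _rows("203.0.113.10", "fp-bot", 4)       # scraper behind a shared NAT address
    + _rows("203.0.113.10", "fp-user1", 2)   # legitimate users on the same NAT
    + _rows("203.0.113.10", "fp-user2", 1)
    + _rows("198.51.100.7", "fp-bot", 3)     # same scraper after hopping to proxies
    + _rows("192.0.2.44", "fp-bot", 3)
    + _rows("198.51.100.99", "fp-user3", 2)  # unrelated legitimate user
)
SCRAPERS = {"fp-bot"}  # ground truth for the constructed data
THRESHOLD = 5          # assumed per-key request limit


def evaluate(requests, key, threshold=THRESHOLD):
    """Block every value of `key` ("ip" or "fp") seen >= threshold times."""
    counts = Counter(r[key] for r in requests)
    blocked_keys = {k for k, n in counts.items() if n >= threshold}
    blocked = [r for r in requests if r[key] in blocked_keys]
    return {
        "blocked_keys": sorted(blocked_keys),
        # Legitimate clients caught by the block (the NAT problem).
        "collateral": sorted({r["fp"] for r in blocked} - SCRAPERS),
        # Scraper requests that still get through (the IP-hopping problem).
        "missed": sum(1 for r in requests
                      if r["fp"] in SCRAPERS and r[key] not in blocked_keys),
    }


if __name__ == "__main__":
    for key in ("ip", "fp"):
        print(key, evaluate(REQUESTS, key))
```

Keyed on IP, the block hits two legitimate users on the shared address and still lets the scraper's proxied requests through; keyed on fingerprint, it blocks only the scraper across all three addresses.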
The Barracuda WAF uses a combination of Active and Passive Fingerprinting techniques along with a cloud-based advanced analysis layer (available with the Advanced Bot Protection subscription) to identify clients uniquely.
The following are some of the techniques used by the Barracuda WAF to identify clients using fingerprinting:
- Active Client Fingerprinting based on characteristics of the client’s system.
- Active Request Analysis based on incoming traffic.
- Passive SSL Fingerprinting.
Enabling Client Fingerprinting
To enable client fingerprinting:
- Navigate to Basic > Services > Advanced Configuration and set Enable Client Fingerprinting to Yes.
- Navigate to Advanced > System Configuration > Advanced module and set Enable Client Fingerprinting to Yes.
Viewing Client Fingerprints
Once you enable client fingerprinting, the client fingerprints are displayed on the BASIC > Web Firewall Logs page and the BASIC > Access Logs page.