StormWall Client Portal Update for Website Protection: New Antibot Section and JA3 Blocking Feature
In response to the rising bot activity, we've enhanced the website protection capabilities for our Enterprise plan (only available with SSL decryption). This update includes the introduction of a new Antibot section, where we moved the HTTP rule chain checks and added a new feature – JA3 blocking.
JA3 Blocking
One of the main updates is the JA3 Blocking feature, which helps protect clients from malicious resources.
How JA3 Blocking Works
- JA3 Hash Collection: The platform analyzes parameters sent by the client and calculates a JA3 hash based on these parameters accordingly.
- Comparison with a List: The obtained JA3 hash is compared to a preconfigured list of blocked or allowed JA3 hashes.
- Blocking or Allowing: Depending on the comparison result, the client's request can be either blocked or allowed.
- Additional Validation Levels: Additional validation levels, such as CAPTCHA, JSA Validation, JS Validation, and Redirect, can be activated to ensure the legitimacy of the client.
- Request Processing: The client's request is processed according to the decision – either the client gains access to resources or is denied access, depending on the JA3 blocking configuration.
Validation Levels for JA3 Blocking
The JA3 Blocking feature includes four validation levels, which can be used in combination to provide a comprehensive level of protection against malicious bots.
- CAPTCHA
This level is activated when suspicious activity is detected and offers the user to enter a CAPTCHA to confirm that they are not a bot.
- JSA Validation
JSA Validation analyzes the execution of JavaScript code on the client side and is activated when a more comprehensive level of verification is required.
- JS Validation
JS Validation checks for the presence and execution of JavaScript code on the client side.
- Redirect
Redirect redirects the bot to another page to provide an additional level of protection. You can choose the most suitable option from the list for your situation.
Additional Features
- Search and Editing: We have also added tools for searching blocked and unblocked resources by hash, IP address, and description. This search works throughout the list, providing you with quick access to the necessary data.
- Modal Window: An advanced option for editing data for different elements that simplifies configurations.
JA3 Hash File Import
You can also add a .txt file with a list of JA3 hashes in a single window. In addition to uploading a file, users can manually add multiple JA3 hashes in the same window. It's important to note that when adding a list of IP addresses and subnets for clarification, the list of IP addresses and subnets will be the same for each of the added hashes.
Moving HTTP Rule Chains
Now the configuration of HTTP rule chains is also located in the Antibot section. Create custom rules to filter out non-standard attacks, configure them according to specific requirements and risks for your website. You can define the order of rule application and set their priority yourself. The feature to move rules from one chain to another is also available.
The above-mentioned updates should simplify setting up protection against botnets and ensure a higher level of security for your website. In the meantime, we continue to work on improvements to provide our clients with the best DDoS protection solution on the market. Look out for new updates!
