Once connected, the service will display on your account’s main dashboard and under the My Services section. To access the configuration options, simply select the service name.
When the new page opens, choose the object you want to manage by clicking on its row, which features a graph thumbnail. The presence of a “lock” icon in a table row indicates that protection settings for the domain cannot be modified.
In the left menu, select the Antibot item.
On the page that opens, customizable parameters are presented.
JA3 Blocking and Allowlisting
JA3 is a method for generating digital fingerprints of SSL/TLS connections by hashing parameters from the Client Hello message.
After establishing a TCP connection (right after the ACK packet exchange), the client can initiate an encrypted session with the server by sending a “Client Hello” packet. This packet contains TLS parameters, including the protocol version, a random key, and other essential data.
JA3 works by leveraging the fact that this set of parameters (like the list of supported ciphers, extensions, and TLS version) remains almost identical for the same application. This means, for instance, that a browser and a piece of malware will send different “Client Hello” packets, but the same application will consistently produce the same fingerprint across multiple launches.
This consistency allows for the identification of client applications based on their TLS fingerprints, enabling fine-grained traffic control — allowing or blocking specific types of traffic as needed.
To configure JA3 blocks and permissions, click on the Add Blocking JA3 button or the Full-screen Mode button.
Fill out the form that opens to configure JA3 blocking, uploading data in the “.txt” format if necessary. Then, click the Add button.
In the JA3 Protection Mode field, select the desired response method for connections matching a JA3 fingerprint.
The selected mode will apply to all JA3 hashes listed in the Blocking tab. Changes in this section do not affect settings in the Allowlisting tab.
It’s also important to note that the protection mode configured here applies only to traffic that matches the specified JA3 hashes and does not impact the handling of other traffic.
To configure JA3 allowlisting, switch to the JA3 Allowlisting tab.
Fill it out and click the Add button.
Once the blocking and allowlisting rules are added, they will appear in the table.
HTTP Rule Chains
You can create chains for processing HTTP requests and check them against multiple parameters simultaneously, specifying the desired actions for matching requests.
This allows you to inspect the presence or absence of specific headers, cookies, and much more. By building rule chains, you can implement a wide range of access control combinations — based on addresses, packet states, and other criteria.
Click the Add rule chain button in the HTTP rule chains section.
Fill in the field and click the Add button.
The chain will then appear in the list. Click its name to start adding rules.
Click the + Add rule button.
In the form that opens, create a rule.
Specify the actions to be taken when the request matches or does not match the rule.
You can create a rule without specifying a method — in this case, the rule will apply to all methods.
Click the = button in the Headers section if you need to set the inequality sign: !=.
When BLOCK is selected in the Action field, a text box will appear for entering the HTTP response code to be returned when the rule is triggered (e.g., 403).
For example, you can create a rule named “general”, specifying the methods “GET”, “POST”, “PUT”, and “DELETE” and the location “^/(api|mobileapp)/.+” with the action “Go to chain api_validation” if the rule is matched, and “NEXT RULE” if it is not.
Examples of Rules:
After creating the rule, it will appear in the table and be available for editing.
