Open cberescu opened 2 years ago
We'll need to think more about it, but to answer your last question, I don't think it would be doable in a plugin.
Hey @mpl,
Since raw tcp/udp connection are now handled by traefik in recent version, is it now possible to create plugins to expose http2, tls (ja3), quic fingerprint as internal headers to the app or still not possible?
Hi @mpl ,
Did you have a change to look a little more into this ?
I find such a feature more and more useful when fighting bots, it will be a lot easier to block them without stopping legitimate traffic.
I wait your answer with hope in my ❤️ .
Since raw tcp/udp connection are now handled by traefik in recent version, is it now possible to create plugins to expose http2, tls (ja3), quic fingerprint as internal headers to the app or still not possible?
Sorry, no. While it is true that some progress has been made on the tcp/udp front, there is no TCP plugins mechanism yet. (And tbh, even if there was, I think it would be "too late" to get the relevant information, once you're at the plugin level).
Hi @mpl ,
Did you have a change to look a little more into this ?
I find such a feature more and more useful when fighting bots, it will be a lot easier to block them without stopping legitimate traffic.
I wait your answer with hope in my ❤️ .
Sorry to break your ❤️ , but no, this issue hasn't been in our priorities.
Thanks for the answer @mpl , hopefully in the future its time will come.
Have a great day.
Welcome!
What did you expect to see?
It will be great is ForwardAuth could create also a TLS fingerprint. This will help in detecting bots and traffic from unwanted platforms. With this type of fingerprint you can track only the software used to make the request.
More details about the fingerprint can be found here : https://github.com/salesforce/ja3
P.S. Is this something that could be accomplished by creating a plugin ?