You are here

Client Fingerprinting configuration

Affects product: 
Airlock WAF

Client fingerprinting is a technology invented, implemented and documented by Ergon Informatik AG, to increase security. This feature enables the detection and prevention of session hijacking attempts.
Once client fingerprinting is enabled, Airlock administrators are able to penalise a user session with penalty points, depending on the configured client fingerprinting rule. Such a rule defines if and with how many penalty points are imposed on a user session when a user-agent header changes or an IP address alters. The administrator must configure a different rule for various types of Web application functionality. An action is also configured for each Web application, which defines what happens when the different thresholds are reached (log only, inform back-end about possible session hijacking, block request or terminate user’s session). Client fingerprinting is highly flexible, can be customised and configured and increases Web application security with only a few settings. For more information download the document.

Knowledge Base Categories: