BT-WAF

[Feature Request] Support JA4 fingerprinting

Open Illustar0 opened this issue 7 months ago • 5 comments

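Personally, I think JA4 fingerprints are quite useful for countering bots; taking out script kiddies instantly is certainly no problem.

JA4 fingerprints are different from JA4+ fingerprints: JA4 fingerprints use the BSD-3 license, which allows commercial use. Also, JA4 fingerprints contain only the core TLS fingerprint and only need to be computed during the TLS handshake, so the overhead shouldn't be too high. There are even public JA4 fingerprint databases.

Attached:

Illustar0, Jun 26 '25 02:06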

Image

Look at the license. Commercial use is not allowed.

weaweawe01, Jun 26 '25 12:06

Image

Look at the license. Commercial use is not allowed.

JA4: TLS Client Fingerprinting is open-source, BSD 3-Clause, same as JA3. FoxIO does not have patent claims and is not planning to pursue patent coverage for JA4 TLS Client Fingerprinting. This allows any company or tool currently utilizing JA3 to immediately upgrade to JA4 without delay.

JA4S, JA4L, JA4LS, JA4H, JA4X, JA4SSH, JA4T, JA4TS, JA4TScan and all future additions, (collectively referred to as JA4+) are licensed under the FoxIO License 1.1. This license is permissive for most use cases, including for academic and internal business purposes, but is not permissive for monetization. If, for example, a company would like to use JA4+ internally to help secure their own company, that is permitted. If, for example, a vendor would like to sell JA4+ fingerprinting as part of their product offering, they would need to request an OEM license from us.

Only JA4+ falls under the FoxIO License 1.1; JA4 is BSD 3-Clause and can be used commercially.

Illustar0, Jun 26 '25 12:06

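Either way, it's pretty messy. Whether the nginx module belongs to JA4 or to JA4+ isn't described clearly. I've wanted to add this for a while. Unfortunately, this open-source license isn't particularly friendly.

weaweawe01, Jun 26 '25 12:06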

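Either way, it's pretty messy. Whether the nginx module belongs to JA4 or to JA4+ isn't described clearly. I've wanted to add this for a while. Unfortunately, this open-source license isn't particularly friendly.

Indeed, the license of the nginx module is somewhat ambiguous. 🤔 But the JA4 algorithm itself should be usable commercially. Are there plans to implement the full set of JA4 components on the cloud WAF? Or you could also email FoxIO and ask.

Illustar0, Jun 26 '25 13:06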

JA4 fingerprints can be used commercially. The others cannot.

bt-dev2, Jul 02 '25 06:07