@aws-sdk/client-wafv2 3.421.0 → 3.422.0

package/dist-types/models/models_0.d.ts

@@ -402,11 +402,19 @@ export declare const FallbackBehavior: {
 export type FallbackBehavior = (typeof FallbackBehavior)[keyof typeof FallbackBehavior];
 /**
  * @public
- * <p>Match against the request's JA3 fingerprint header. The header contains a hash fingerprint of the TLS Client Hello packet for the request. </p>
+ * <p>Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each
+ * 						request that has enough TLS Client Hello information for the calculation. Almost
+ *                         all web requests include this information.</p>
  *          <note>
  *             <p>You can use this choice only with a string match <code>ByteMatchStatement</code> with the <code>PositionalConstraint</code> set to
- *        <code>EXACTLY</code>. </p>
+ *        <code>EXACTLY</code>.  </p>
  *          </note>
+ *          <p>You can obtain the JA3 fingerprint for client requests from the web ACL logs.
+ * 						If WAF is able to calculate the fingerprint, it includes it in the logs.
+ * 						For information about the logging fields,
+ * see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html">Log fields</a> in the <i>WAF Developer Guide</i>. </p>
+ *          <p>Provide the JA3 fingerprint string from the logs in your string match statement
+ * 							specification, to match with any future requests that have the same TLS configuration.</p>
  */
 export interface JA3Fingerprint {
     /**
@@ -769,11 +777,19 @@ export interface FieldToMatch {
     HeaderOrder?: HeaderOrder;
     /**
      * @public
-     * <p>Match against the request's JA3 fingerprint header. The header contains a hash fingerprint of the TLS Client Hello packet for the request. </p>
+     * <p>Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each
+     * 						request that has enough TLS Client Hello information for the calculation. Almost
+     *                         all web requests include this information.</p>
      *          <note>
      *             <p>You can use this choice only with a string match <code>ByteMatchStatement</code> with the <code>PositionalConstraint</code> set to
-     *        <code>EXACTLY</code>. </p>
+     *        <code>EXACTLY</code>.  </p>
      *          </note>
+     *          <p>You can obtain the JA3 fingerprint for client requests from the web ACL logs.
+     * 						If WAF is able to calculate the fingerprint, it includes it in the logs.
+     * 						For information about the logging fields,
+     * see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html">Log fields</a> in the <i>WAF Developer Guide</i>. </p>
+     *          <p>Provide the JA3 fingerprint string from the logs in your string match statement
+     * 							specification, to match with any future requests that have the same TLS configuration.</p>
      */
     JA3Fingerprint?: JA3Fingerprint;
 }
@@ -869,8 +885,12 @@ export interface ByteMatchStatement {
      *             </li>
      *             <li>
      *                <p>
-     *                   <code>JA3Fingerprint</code>: The string to match against the web request's JA3 fingerprint header. The header contains a hash fingerprint of the TLS Client Hello packet for
-     *                  the request. </p>
+     *                   <code>JA3Fingerprint</code>: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match <code>ByteMatchStatement</code> with the <code>PositionalConstraint</code> set to
+     *        <code>EXACTLY</code>. </p>
+     *                <p>You can obtain the JA3 fingerprint for client requests from the web ACL logs.
+     * 						If WAF is able to calculate the fingerprint, it includes it in the logs.
+     * 						For information about the logging fields,
+     * see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html">Log fields</a> in the <i>WAF Developer Guide</i>. </p>
      *             </li>
      *             <li>
      *                <p>