Forum Discussion
Block HTTPS URLs using Performance L4 VS
Hi,
Is it possible to block traffic based on the HTTP host using a Performance L4 virtual server, using it as a transparent proxy? Source IP: 0.0.0.0 Destination IP: 0.0.0.0 Port: 443 (HTTPS)
Best Regards,
SM
- CharlesCS
Cirrus
It's not possible to associate a ClientSSL profile with a Performance-L4 virtual server, which means you are not able to decrypt the incoming request data. As a result, it's not possible to examine the HTTP Host header, and therefore you cannot block traffic based on that content.
In order to decrypt traffic (i.e., to associate a ClientSSL profile) you must use a Standard virtual server.
- Stanislas_Piro2
Cumulonimbus
Hi,
The feature to block HTTP / HTTPS requests as a transparent proxy is "SSL forward proxy". It requires a dedicated license. You can find here the documentation to configure it.
- Stanislas_Piro2
Cumulonimbus
If you really require the Performance L4 feature, you can filter on the SNI header instead of the Host value. When a client initiates an SSL negotiation, it can send a TLS header named Server Name.
Current browsers send this header with the value of the Host header (IE on Windows XP does not, newer versions do). Look at this thread to check the Server Name header.
I never tried to use TCP::collect in a Performance L4 VS. You can try this solution and update this thread if it worked (or not :-) ).