Forum Discussion

smouzakis's avatar
Icon for Nimbostratus rankNimbostratus
Aug 13, 2017

Block HTTPS URLs using Performance L4 VS



Is it possible to block traffic based on http host using performance l4 virtual server using it as transparent proxy? Source IP: Destination IP: Port: 443 (https)


Best Regards,




3 Replies

  • It's not possible to associate a ClientSSL profile with a Performance-L4 virtual server, which means you are not able to decrypt the incoming request data. As a result, it's not possible to examine the HTTP Host header, and therefore you cannot block traffic based on that content.


    In order to decrypt traffic (i.e., to associate a ClientSSL profile) you must use a Standard virtual server.


  • Hi,


    The feature to block http / https request as a transparent proxy is "ssl forward proxy". It requires a dedicated license. You can find here the documentation to configure it


  • If you really require Performance L4 feature, you can filter on SNI header instead on host value. When a client initiate a SSL negotiation, it can send a TLS header named Server Name.


    current browsers send this header with the value of the Host header (IE on Windows XP does not, new versions does it). look at this thread to check Server Name header.


    I never tried to use TCP::collect in performance L4 VS. You can try this solution and update this thread if worked (or not :-) ).