For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

smouzakis's avatar
smouzakis
Icon for Nimbostratus rankNimbostratus
Aug 13, 2017

Block HTTPS URLs using Performance L4 VS

Hi,   Is it possible to block traffic based on http host using performance l4 virtual server using it as transparent proxy? Source IP: 0.0.0.0 Destination IP: 0.0.0.0 Port: 443 (https)   Best R...
application delivery
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Aug 15, 2017

If you really require Performance L4 feature, you can filter on SNI header instead on host value. When a client initiate a SSL negotiation, it can send a TLS header named Server Name.

 

current browsers send this header with the value of the Host header (IE on Windows XP does not, new versions does it). look at this thread to check Server Name header.

 

I never tried to use TCP::collect in performance L4 VS. You can try this solution and update this thread if worked (or not :-) ).