Is it possible to block traffic based on the HTTP Host header using a Performance L4 virtual server as a transparent proxy?
Source IP: 0.0.0.0
Destination IP: 0.0.0.0
Port: 443 (https)
It's not possible to associate a ClientSSL profile with a Performance-L4 virtual server, which means you are not able to decrypt the incoming request data. As a result, it's not possible to examine the HTTP Host header, and therefore you cannot block traffic based on that content.
In order to decrypt traffic (i.e., to associate a ClientSSL profile) you must use a Standard virtual server.
The feature to block HTTP/HTTPS requests as a transparent proxy is "SSL Forward Proxy".
It requires a dedicated license. You can find the documentation to configure it here.
Note that SSL Forward Proxy requires a Standard virtual server. The original question was whether blocking traffic based on the Host value could be done using a Performance-L4 virtual server, which would preclude SSL Forward Proxy.
I know it requires a Standard VS; you already answered about this requirement :-)
I provided the full solution for the expected result even if SM asked about a Performance L4 VS.
If you really require the Performance L4 feature, you can filter on the SNI header instead of the Host value. When a client initiates an SSL negotiation, it can send a TLS header named Server Name.
Current browsers send this header with the value of the Host header (IE on Windows XP does not; newer versions do). Look at this thread to check the Server Name header.
I never tried to use TCP::collect in a Performance L4 VS. You can try this solution and update this thread if it worked (or not :-) ).
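Added example, not from this thread and not an iRule: a small Python parser that shows the point made above, namely that the Server Name Indication travels in cleartext inside the TLS ClientHello, before any decryption, so a name-based decision can be taken on the first client packet. The ClientHello bytes are constructed inline for the demonstration, and `build_client_hello`, `extract_sni` and `sni_policy` are hypothetical names. It also handles the case the reply mentions, a client that sends no Server Name at all, by reporting it explicitly rather than silently allowing it.

```python
import struct
from typing import Optional, Set


def build_client_hello(server_name: Optional[str]) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record (constructed sample input)."""
    exts = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host     # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0 = server_name
    # an unrelated extension (signature_algorithms) so the parser must skip correctly
    exts += struct.pack("!HH", 0x000D, 4) + b"\x00\x02\x04\x01"
    body = (
        b"\x03\x03"                                     # client_version TLS 1.2
        + b"\x11" * 32                                  # random (constructed, not random)
        + b"\x00"                                       # session_id length 0
        + struct.pack("!H", 4) + b"\xc0\x2f\x00\x9c"    # two cipher suites
        + b"\x01\x00"                                   # one compression method: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(data: bytes) -> Optional[str]:
    """Return the lower-cased server_name from a TLS ClientHello, or None if absent/malformed."""
    try:
        if len(data) < 5 or data[0] != 0x16:
            return None                                  # not a TLS handshake record
        rec_len = struct.unpack("!H", data[3:5])[0]
        rec = data[5:5 + rec_len]
        if len(rec) < rec_len or rec[0] != 0x01:
            return None                                  # truncated record or not a ClientHello
        hs_len = int.from_bytes(rec[1:4], "big")
        hs = rec[4:4 + hs_len]
        if len(hs) < hs_len:
            return None
        pos = 2 + 32                                     # skip client_version and random
        sid_len = hs[pos]
        pos += 1 + sid_len
        cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2 + cs_len
        cm_len = hs[pos]
        pos += 1 + cm_len
        if pos + 2 > len(hs):
            return None                                  # no extensions block at all
        ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_size = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            ext = hs[pos:pos + ext_size]
            pos += ext_size
            if ext_type != 0x0000:
                continue
            list_len = struct.unpack("!H", ext[0:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                name_type = ext[p]
                name_len = struct.unpack("!H", ext[p + 1:p + 3])[0]
                name = ext[p + 3:p + 3 + name_len]
                p += 3 + name_len
                if name_type == 0 and len(name) == name_len:
                    return name.decode("ascii", "replace").lower()
        return None
    except (IndexError, struct.error):
        return None                                      # any malformed length field


def sni_policy(data: bytes, blocked_hosts: Set[str]) -> str:
    """Decide on the first client packet: 'block' if the SNI is a blocked host or a
    subdomain of one, 'allow' otherwise, and 'no-sni' when no name was sent so the
    policy can log or handle that case deliberately."""
    name = extract_sni(data)
    if name is None:
        return "no-sni"
    labels = name.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked_hosts:
            return "block"
    return "allow"


if __name__ == "__main__":
    blocked = {"blocked.test"}
    for hello in (build_client_hello("www.blocked.test"), build_client_hello("ok.test"), build_client_hello(None)):
        print(extract_sni(hello), sni_policy(hello, blocked))
```

Two caveats for anyone building an iRule around this with TCP::collect: the server name is asserted by the client and is not checked against the certificate the server later presents, so it is a policy hint rather than proof of destination, and clients that omit it (or that encrypt the ClientHello with ECH) give the policy nothing to match, which is why the example returns a distinct "no-sni" result instead of falling through to "allow".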