Detection blocking method and device based on https encrypted traffic

Bibliographic details
Main authors: CHANG HONG, ZHUANG QIUYU, ZHENG HANJUN, MENG FANGFANG, LIU XING
Format: Patent
Language: chi; eng
Description
Summary: The invention discloses a blocking method and device based on detection of HTTPS encrypted traffic. The blocking method comprises the following steps: configuring the business service information proxied by the IP blocking device; determining the client source IP and the handshake request type from the request and handshake packet sent by the client, establishing a connection, performing data transmission, and obtaining the plaintext content of the transmitted data; performing threat identification detection on the plaintext content of the transmitted data; and blocking the source IP or the target IP of any data source detected to exhibit threat behavior. The device based on this method is deployed as hardware at the main gateway of a network, and detects and blocks all TLS/SSL traffic in the whole local area network.