TCP bypass interdiction method and device
Abstract:
A TCP bypass interdiction method and device are provided. In the method, a DPI device located between a client terminal and a service terminal acquires an MSS negotiation value from the TCP handshake packets. When the DPI device observes a suspicious packet, it constructs RST packets according to the suspicious packet and the MSS negotiation value. The RST packets comprise a source direction RST packet and target direction RST packets. The receiving terminal of the source direction RST packet is the same as the transmitting terminal of the suspicious packet. The receiving terminals of the target direction RST packets are the same as the receiving terminal of the suspicious packet. The SEQ values of the target direction RST packets are sequentially increased by at least one MSS negotiation value. The DPI device then transmits the RST packets to the client terminal and the service terminal respectively.
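The sequence-number arithmetic described in the abstract, as an added example that is not taken from the patent: it parses the MSS option from handshake TCP options and computes the SEQ fields of the source direction and target direction RST packets without sending anything. All function and field names are hypothetical. Assumptions: the negotiated value is the smaller of the two announced MSS values, the source direction RST takes the suspicious packet's ACK number as its SEQ, the first target direction SEQ is the suspicious packet's SEQ plus its payload length, and three target direction RSTs are planned.

```python
import struct
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

def parse_mss(options: bytes):
    """Return the MSS (option kind 2) from raw TCP options, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):          # truncated option header
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                          # malformed length, stop parsing
        if kind == 2 and length == 4:
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return None

def negotiated_mss(syn_opts: bytes, synack_opts: bytes, default: int = 536) -> int:
    # Assumption: the negotiated value is the smaller announced MSS;
    # 536 is the IPv4 default when a side sends no MSS option.
    values = [parse_mss(o) for o in (syn_opts, synack_opts)]
    return min(default if v is None else v for v in values)

@dataclass
class Segment:  # constructed stand-in for the suspicious packet's TCP fields
    src: str
    dst: str
    seq: int
    ack: int
    payload_len: int

def plan_rsts(pkt: Segment, mss: int, n_target: int = 3):
    """Compute RST header fields only; nothing is sent."""
    # Assumption: source-direction RST uses the packet's ACK number as SEQ.
    source = {"to": pkt.src, "claimed_src": pkt.dst, "seq": pkt.ack % SEQ_MOD}
    # Assumption: the first target-direction SEQ follows the packet's payload.
    base = pkt.seq + pkt.payload_len
    targets = [{"to": pkt.dst, "claimed_src": pkt.src,
                "seq": (base + k * mss) % SEQ_MOD} for k in range(n_target)]
    return source, targets
```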