We have successfully set up policy based routing of HTTP and HTTPS traffic from our Mikrotik router to a separate proxy box. Both HTTP and HTTPS traffic can now be filtered for adult language and unwanted sites.



If you are using Google chrome, you are advised to block QUIC protocol on your router, otherwise Chrome will be able to bypass the transparently redirected proxy when going to QUIC enabled sites, like,, etc. For more information see Squid Wiki article Adding REJECT rules for UDP protocol on outgoing port 80 and port 443 should be enough.