The goal of this tutorial is to enforce web filtering in our network for all outbound HTTP/HTTPS traffic. We will implement this by using Squid proxy for interception of traffic and Web Safety ICAP server for web filtering.

For specific reasons which cannot be reconsidered we cannot follow the normal, explicit proxy way of doing things and decide to forcibly filter all HTTP/HTTPS connections on our gateway. As users browsers are not configured to use proxy directly this deployment scenario is usually called transparent NAT intercept.