Good evening,
In fact, that was exactly what I meant, but I probably expressed myself badly. I have been working for many years with a firewall whose brand I don’t want to specify, with which I implement URL filtering exactly this way.
In practice, the SSL proxy of this firewall intercepts connections from the client over TCP port 443 and carries out SSL negotiations with the web server on behalf of the client.
Then it analyzes the certificate sent by the server.
If the certificate is compliant, the SSL proxy decrypts traffic, which will then be evaluated by the filter rules that follow.
It also generates a fake certificate and presents it to the client, which will verify the certificate.
If the certificate is present (this is the reason why the certificate generated by the firewall is required to be installed in the browser), traffic will be secured. Application protections will then be applied.
My need was due to the fact that the firewall with which I work has quite high costs, so if the customer has detached offices, I had thought of Mikrotik Routerboards to do this.
It seems to me that this is not possible natively.
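
The client-side trust check described in the post above, as an added example that is not part of the original post and is not taken from any firewall product: an inspection CA issues a certificate for the requested host name, and a client accepts it only if that CA is installed as a trust anchor. It assumes the `openssl` command-line tool is available; the CA names and the host `www.example.test` are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed lab PKI: every key, certificate and name below is generated locally.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

make_ca() {  # $1 = file prefix, $2 = common name of a self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$work/$1.key" -out "$work/$1.pem" -subj "/CN=$2" 2>/dev/null
}

issue_leaf() {  # $1 = host name; the proxy signs a certificate for it on the fly
    openssl req -newkey rsa:2048 -nodes -keyout "$work/leaf.key" \
        -out "$work/leaf.csr" -subj "/CN=$1" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$1" > "$work/ext.cnf"
    openssl x509 -req -in "$work/leaf.csr" -CA "$work/proxy-ca.pem" \
        -CAkey "$work/proxy-ca.key" -CAcreateserial -days 1 \
        -extfile "$work/ext.cnf" -out "$work/leaf.pem" 2>/dev/null
}

client_accepts() {  # $1 = trust anchor installed on the client, $2 = host requested
    openssl verify -CAfile "$work/$1.pem" -verify_hostname "$2" \
        "$work/leaf.pem" >/dev/null 2>&1
}

make_ca proxy-ca "Constructed Inspection CA"   # the CA deployed to managed browsers
make_ca other-ca "Constructed Unrelated CA"    # stands in for a client without it
issue_leaf www.example.test

for anchor in proxy-ca other-ca; do
    if client_accepts "$anchor" www.example.test; then
        echo "client trusting $anchor: certificate accepted"
    else
        echo "client trusting $anchor: certificate rejected"
    fi
done
```

A client that lacks the inspection CA rejects the proxy-issued certificate, which is the certificate warning users see on unmanaged devices behind such a proxy.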