I have a FreeBSD 9.0 router with 250-300 Mbit/s of traffic, and need to filter a small list of pages (http.request.uri).
I do not care about Tor, anonymizers, proxies, etc. Just prevent direct access from my network to these pages.
How? Only redirect HTTP to squid or any other HTTP proxy?
I know about tcpdump -ddd and the bpf netgraph node. But HTTP is too hard for me.
If you don't want to use a proxy (e.g. transparently redirecting all traffic via an ipfw rule to a proxy, so users don't notice anything), then for the solution you need something that is capable of deep packet inspection.
Check http://sourceforge.net/projects/ipfw-classifyd/; it should do what you want: "layer7 filtering" with ipfw (or with pf too).
Or download pfSense (an excellent FreeBSD-based firewall) and check how to use it. According to the docs (http://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Layer_7), it uses ipfw-classifyd.
(PS: just wondering why you aren't using pf instead of ipfw+ngnat.)
If the list is small, you could just blacklist the IPs in the firewall.
Of course you have to check from time to time whether the pages have moved to another site. You could do this with a cron script.
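
One way to write the cron script this answer mentions, as an added example that is not part of the original thread: it resolves the blocked host names and adds or removes addresses in an ipfw table, so the block follows the sites when they move. The table number 10, the hosts file path, the script name and the `deny` rule in the comment are assumptions; an IP-level block also hits every other site served from the same address.

```sh
#!/bin/sh
# Added example: sync an ipfw table with the current addresses of blocked hosts.
# Assumed ruleset entry (not from the thread):
#   ipfw add 500 deny tcp from any to 'table(10)' dst-port 80
# Run from cron as: blocksync.sh --apply   (script name is hypothetical)
LC_ALL=C; export LC_ALL
TABLE=10                               # assumed table number
HOSTS=/usr/local/etc/blocked_hosts     # assumed file, one host name per line

# Read host names on stdin, print their IPv4 addresses (uses host(1)).
resolve_hosts() {
    while read -r name; do
        case "$name" in ''|\#*) continue ;; esac
        host -t A "$name" 2>/dev/null | awk '/has address/ { print $NF }'
    done
}

# Turn "ipfw table N list" output ("192.0.2.10/32 0") into bare addresses.
parse_table_list() {
    awk '{ sub(/\/32$/, "", $1); print $1 }'
}

# plan_changes CURRENT_FILE DESIRED_FILE
# Print the ipfw commands that turn the current table into the desired one.
# Refuses when nothing resolved (DNS outage), so the table is never emptied.
plan_changes() {
    pc_cur=$(mktemp) && pc_new=$(mktemp) || return 1
    sort -u "$1" > "$pc_cur"
    sort -u "$2" > "$pc_new"
    if [ ! -s "$pc_new" ]; then
        echo "no addresses resolved; table $TABLE left unchanged" >&2
        rm -f "$pc_cur" "$pc_new"
        return 1
    fi
    comm -23 "$pc_cur" "$pc_new" | sed "s/^/ipfw -q table $TABLE delete /"
    comm -13 "$pc_cur" "$pc_new" | sed "s/^/ipfw -q table $TABLE add /"
    rm -f "$pc_cur" "$pc_new"
}

if [ "${1:-}" = "--apply" ]; then
    cur=$(mktemp) && new=$(mktemp) || exit 1
    ipfw table "$TABLE" list | parse_table_list > "$cur"
    resolve_hosts < "$HOSTS" > "$new"
    plan_changes "$cur" "$new" | sh
    rm -f "$cur" "$new"
fi
```

Without `--apply` the script only defines its functions, so `plan_changes` can be run by hand on two address files to preview the commands before they reach the firewall.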