All traffic on the LAN is routed through a single machine and filtered using iptables. I'd like to redirect this traffic to a transparent proxy running on the same machine that will rewrite the URL if it matches a specified regex, in which case the user will be redirected to a local server. In other words, all HTTP requests should flow through as usual unless the user attempts to navigate to, say, "xyz.com," in which case the proxy will send the user to Apache running locally with a page displaying something like "Sorry, you can't go here." I have already investigated Squid and its URL rewriting component, but it seems terribly complicated to configure and a bit overkill since I won't be using 98% of its other features. Is there a free program other than Squid I could use, or perhaps someone could provide me with some resources for writing a program myself if it isn't too complicated?