AFAIK, such is practically impossible. On a client level, like a browser, of course it can work, as long as the client itself allows such request manipulation via plugin or settings or such. But you cannot tell another client to accept a redirect from anywhere else than the original remote server: A redirect is a 301 or 302 HTTP response code from the server the request was sent to. With HTTPS, clients only accept answers from the original remote server with the correct TLS certificate. Even if your router or any other instance would catch the client’s request and answer with a redirect, the client wouldn’t accept it as the certificate wouldn’t be accepted for the requested hostname. For this you would need to add the router’s/firewall’s false certificate to every client’s trusted certificate storage. DNSSEC would also prevent this attempt, and note that this breaks the DNS security concept fundamentally.
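The client-side decision described in the post above, as an added example that is not part of the original post: it models the trust-store and hostname checks a TLS client applies before it will read a 301/302. All certificate contents, CA names and hostnames are constructed, and the issuer lookup is a stand-in for real chain and signature validation.

```python
# Added example: a model of the two checks a TLS client makes before it reads
# any HTTP response (a 301/302 included). Certificates are constructed dicts in
# the shape of ssl.SSLSocket.getpeercert(); issuer lookup stands in for real
# chain and signature validation.

def hostname_matches(pattern, host):
    """Simplified RFC 6125 match: exact name, or one left-most '*' label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*.") and p.count(".") >= 2 and "." in h:
        return h.split(".", 1)[1] == p[2:]
    return False

def issuer_cn(cert):
    return next(v for rdn in cert["issuer"] for k, v in rdn if k == "commonName")

def client_verdict(requested_host, cert, trusted_roots):
    if issuer_cn(cert) not in trusted_roots:
        return "reject: issuer not in trust store"
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(n, requested_host) for n in names):
        return "reject: certificate not valid for requested hostname"
    return "accept: response (including a redirect) is processed"

def make_cert(issuer, *dns_names):
    return {"issuer": ((("commonName", issuer),),),
            "subjectAltName": tuple(("DNS", n) for n in dns_names)}

PUBLIC_ROOT = "Constructed Public Root CA"
ROUTER_CA = "Constructed Router CA"
HOST = "www.example.com"

origin = make_cert(PUBLIC_ROOT, "example.com", "*.example.com")
router_own = make_cert(ROUTER_CA, HOST)  # right name, issuer unknown to client
router_other = make_cert(PUBLIC_ROOT, "router.example.net")  # trusted, wrong name

def scenarios():
    default_store = {PUBLIC_ROOT}
    managed_store = {PUBLIC_ROOT, ROUTER_CA}  # router CA installed on the client
    return {
        "origin": client_verdict(HOST, origin, default_store),
        "router, forged cert": client_verdict(HOST, router_own, default_store),
        "router, own valid cert": client_verdict(HOST, router_other, default_store),
        "router, CA installed": client_verdict(HOST, router_own, managed_store),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:24} {verdict}")
```

Only the last scenario, where the router's CA has been added to the client's trust store, lets the intercepted response through.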