If you’re on the same subnet, no amount of reverse proxy will help with dodgy apps. It’s more appropriate to put the dodgy iot in a DMZ to control what they can do.

Putting https on these is fine, but it’s not a solution to isolating bad clients.