Good Afternoon,
This has been discussed in this thread at length:
http://forums.contribs.org/index.php?topic=9062.msg34284#msg34284The only thing I can think of is that the url can be blocked based on the initial request that begins the session, if that makes sense. Regarding any other method, I'm not aware of them. There are supposedly filters out there that packet sniff but they are terribly expensive and not effective based on my experiences.
My friend and I discussed this at length as we deal with many schools regarding filters and the likes. Our conclusion is to totally block https for all users during business hours or permanently for everyone with very few exceptions. I haven't done this yet but I'm about there as I have separate filters for the students and the staff. Both filters require authentication to log activity. If there are any other suggestions, I'm open for ideas.