we are having problem as end users have a lot of spyware/walware and have illegal proxy install in the lan.
One of the idea is to deny HTTPS or "CONNECT" type http, at the "inside fwsm/asa" to any ip-base url destination. Since the ip-base url are random, maybe regex could help.
please advice us how to do it. thanks.