From what I can see reading various websites on http tunnel, it is an application layer encryption that works over port 80 and is redirected. The PIX filters on network layer 3 and 4 of the OSI model (in most cases) and rarely looks inside the packet for layer 7 content (with a few exceptions). Because of this, Im sure there are currently no filtering capabilities built into the PIX for this application. I doubt theres a big enough demand for it with HTTPS and IPSEC and other more established encryption protocols. You might run it by Cisco and see if they have any workarounds for your specific needs.