Originally Posted by mdKhan_17
If you want to block any domain like Gmail, you have to know the whole IP block of Gmail.
No, you don't - that's kind of the point of using Squid instead of iptables in these cases. Besides, it's not like you really would be able to know every single IP block used by Gmail at any specific moment in time, would you? And can you imagine the amount of innocent services you might unintentionally be filtering by using such a broad approach? The simplest way IMHO to achieve what is asked by the OP is to edit the ACLs such that the CONNECT method is only allowed for sites which you want HTTPS to work with. For example, say you only want to allow HTTPS for the domain linuxquestions.org:
# leading dot: matches linuxquestions.org and every subdomain of it
acl LQ dstdomain .linuxquestions.org
# the method browsers use to tunnel HTTPS through the proxy
acl CONNECT method CONNECT
# http_access is first-match, so the allow line has to come before the deny
http_access allow CONNECT LQ
http_access deny CONNECT all
Whether you specify port 443 is up to you.
Stuff like this should of course be reinforced with an AUP if possible.
Also, this all implies that users are being forced to use Squid (no SNAT is being done).
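To see why the order of those http_access lines matters, and what they do and do not cover, here is an added example (my own, not code from the post above or from Squid itself): a small Python model of Squid's first-match http_access evaluation, limited to the dstdomain and method ACL types used in the post. The sample requests are constructed; the model ignores Squid's reverse-DNS lookup for IP-literal destinations and treats the built-in "all" ACL as always matching.

```python
"""Model of how Squid evaluates the four http_access/acl lines from the post.

Added example, not from the original post and not Squid's own code. It only
implements the dstdomain and method ACL types plus the built-in "all", which
is enough to check the rule order and the leading-dot domain semantics.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    method: str  # e.g. "CONNECT" or "GET"
    host: str    # destination host as Squid sees it (CONNECT target or URL host)


# "acl" lines from the post: name -> (type, values). "all" is Squid's built-in.
ACLS = {
    "LQ": ("dstdomain", [".linuxquestions.org"]),
    "CONNECT": ("method", ["CONNECT"]),
    "all": ("all", []),
}

# "http_access" lines from the post, in file order. A leading "!" negates an ACL.
HTTP_ACCESS = [
    ("allow", ["CONNECT", "LQ"]),
    ("deny", ["CONNECT", "all"]),
]


def dstdomain_matches(pattern: str, host: str) -> bool:
    """Squid dstdomain semantics: a leading dot matches the domain itself and
    all of its subdomains; without the dot only the exact host matches."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def acl_matches(name: str, req: Request) -> bool:
    acl_type, values = ACLS[name]
    if acl_type == "dstdomain":
        return any(dstdomain_matches(v, req.host) for v in values)
    if acl_type == "method":
        return req.method.upper() in (v.upper() for v in values)
    if acl_type == "all":
        return True
    raise ValueError(f"unsupported acl type {acl_type!r} (simplified model)")


def http_access_decision(req: Request, rules=HTTP_ACCESS) -> str:
    """Return "allow" or "deny" the way Squid does: every ACL on a line must
    match for the line to match, the first matching line wins, and if no
    line matches the result is the opposite of the last line's action."""
    for action, acl_names in rules:
        if all(acl_matches(a.lstrip("!"), req) != a.startswith("!") for a in acl_names):
            return action
    last_action = rules[-1][0] if rules else "deny"
    return "deny" if last_action == "allow" else "allow"


if __name__ == "__main__":
    # Constructed sample requests, one per case worth checking.
    samples = [
        Request("CONNECT", "www.linuxquestions.org"),   # HTTPS to an allowed site
        Request("CONNECT", "mail.google.com"),          # HTTPS to Gmail
        Request("CONNECT", "evil-linuxquestions.org"),  # lookalike, no dot boundary
        Request("GET", "mail.google.com"),              # plain HTTP, not CONNECT
    ]
    for r in samples:
        print(f"{r.method:8} {r.host:28} -> {http_access_decision(r)}")
```

Two things the output makes visible: the lookalike host is denied because the leading-dot match requires a "." boundary, not a substring; and a plain GET to mail.google.com falls through both lines (neither is a CONNECT), so these four lines only control HTTPS tunnelling, and plain HTTP to the same site still needs its own deny rule further down. Swapping the two http_access lines denies every CONNECT, including linuxquestions.org, because the first matching line wins.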