Fascinating, wasn't aware of that one. Still studying it, very interesting indeed.
I hate to say it, but it seems easier to just prevent HTTPS from the lowest-level access group in our organization, mainly temps brought in for data entry, but they still need general Internet access, mainly to Google for research purposes, etc. There are way too many subjects researched to utilize whitelisting. Instead, we're depending on DansGuardian. I have already tweaked DansGuardian to block naughty/non-work related sites, and it is working great. I think this could be an acceptable solution. A trial run blocking HTTPS for the temps might be in order.
I'm thinking if a temp needs HTTPS to pay their electric bill online, or some other need for HTTPS, they can come to me and do it from my desk (or their manager), or better yet, just do that stuff off-hours at home or elsewhere.
For regular employees and above, I guess we'll have to depend on the Acceptable Use Policy, and of course, keep an eye on the log files for abuse. Regular employees will be more concerned about getting reprimanded, so this might have to suffice.
For anyone reading this thread, no, I'm not some pig-headed IT jerk trying to play GOD and over-control my position. We have limited bandwidth, and unfortunately too many employees that, if allowed, will sit there and chat on MySpace, watch YouTube, and do all other kinds of non-work activities. Our managers are far too busy to minute manage, and watch what people do. We shouldn't have to. Unfortunately, people are spread out, and our environment is very relaxed, so people tend to goof off when not busy, especially the night shift crowd. Before I implemented DansGuardian, I can't tell you how many times I'd notice people minimizing browsers when they saw me walking by, to hide their goofing off. Many of our employees are young adults that just don't see a problem with it. Our owner expects me to automate the defenses as much as possible. He feels (and I agree) if they can't goof off in the first place, that alone would solve this problem.
I'm going to continue researching the L7 filters, and give feedback here. I think it's worth looking into.
I'm open to your thoughts and suggestions on this. I'd be grateful for any other ideas that could help with this problem.
Thank you all for your feedback.