How to block https (youtube, vk) in the local network?

Have a router Mikrotik 2011iL Routerdoard. It is necessary to close access to certain employees via the https Protocol. To add ip addresses in Address Lists helps, but too many of them at the same and that is not very rational.
July 8th 19 at 15:58
3 answers
July 8th 19 at 16:00
Create regexp from blocked URLs
/ip firewall layer7-protocol
add name=gvno regexp="^.*(*\$"

Add a rule to firewall (must be above the allow rules for the forward chain)
/ip firewall filter add action=reject chain=forward layer7-protocol=gvno protocol=tcp reject-with=tcp-reset
July 8th 19 at 16:02
You do not need the ip address and domain name to ban, it should also priventivno all the anonymizers which you can find in Google there record
July 8th 19 at 16:04
squid https transparent
vk can the center block, not individual IP.

although, mind, it is solved by administrative measures, so as:

humans will be their personal smartphones, which vk is available through 3G.
watch videos not only on Youtube, antipiracy fight video and can't fight, and you think you can?

maybe it is the reverse:
leave only what you need for the job? and everything else is closed?

Find more questions by tags LinuxHTTPSMikrotik