We had the same question a year ago.
We block HTTPS websites using the following trick:
Go to Object Management -> URL -> Individual Objects -> Add URL
Set a name for the URL object, and type the URL; for example, to block
Facebook, type "facebook.com" unquoted.
Go to the rule in the Access Control policy and associate this object with the rule.
Apply all changes, and wait a little while until the control policy status goes from
"Applying to device" to "Policy Up-to-date on device".
Try your config.
I hope this helps you.
Are you able to redirect the user to a custom webpage if they try to visit an HTTPS site, or do they just wait for a timeout message to appear?
Are you sure? I thought you couldn't do SSL decryption with SourceFire and that you required separate SSL hardware.
Do you have any documentation that shows it's possible now?
Certain. See the traffic decryption section of the 5.4.1 user guide: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401.html
To answer your question about how SourceFire filters URL traffic from HTTPS sites: SourceFire uses the Certificate name and SAN names that are sent from the remote end to your PC. Although the packet is sent as DTLS, the SAN names can be read in clear text. I have run a packet capture to test.
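
The certificate-name matching described in the last reply, as an added example that is not part of the original thread and not Cisco's code. It assumes the subject CN and SAN DNS names have already been read from the server's certificate; the suffix-matching rule, the function names and the sample certificates are constructed for illustration.

```python
# Added example: block/allow decision from certificate names alone (no decryption).
# The matching rule is an assumption, not Sourcefire's documented algorithm.

def _norm(name):
    """Lower-case a DNS name and drop a trailing dot."""
    return name.strip().rstrip(".").lower()

def name_matches(cert_name, url_object):
    """True if a certificate name is the blocked domain or falls under it."""
    cert, blocked = _norm(cert_name), _norm(url_object)
    if cert.startswith("*."):          # wildcard SAN such as *.facebook.com
        cert = cert[2:]
    # Compare on label boundaries so "notfacebook.com" does not match "facebook.com".
    return cert == blocked or cert.endswith("." + blocked)

def verdict(subject_cn, san_names, url_objects):
    """Return (action, url_object, matching_name) for one server certificate."""
    for obj in url_objects:
        for name in [subject_cn, *san_names]:
            if name and name_matches(name, obj):
                return ("block", obj, name)
    return ("allow", None, None)

BLOCKED = ["facebook.com"]  # the URL object from the steps in the first post

# Constructed certificates: (subject CN, SAN DNS names). Not captured traffic.
SAMPLES = {
    "direct": ("*.facebook.com", ["*.facebook.com", "facebook.com"]),
    "lookalike": ("notfacebook.com", ["www.notfacebook.com"]),
    "unrelated": ("www.example.org", ["www.example.org", "example.org"]),
    # One certificate shared by several sites: the names alone cannot tell
    # which site the client asked for, so the whole certificate is blocked.
    "shared": ("cdn.example.net", ["shop.example.org", "www.facebook.com"]),
}

if __name__ == "__main__":
    for label, (cn, sans) in SAMPLES.items():
        print(label, verdict(cn, sans, BLOCKED))
```

The "shared" sample shows the practical limit of filtering on certificate names: the decision applies to every site served under that certificate, and nothing about the requested path is visible.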