[Bender]

The open source solution is to configure the latest Squid proxy as a Squid SSL Bump proxy. There are a handful of sites it will not work with due to them still using public key pinning but its a tiny list. I do not have it handy at the moment.

Squid supports ACL's that can block URL patterns, domains, IP addresses, file extensions, mime types and much more.

Here [1] is an out of date example. There are probably better and more up to date examples. Some examples are based off Squid V3 as some distros still ship with that but Squid 6 added more flexibility around chaining options SOCKS options and such.

[1] - https://github.com/alatas/squid-alpine-ssl