a certain site or all https traffic?
if all https traffic then it is easy:
create new block rule on LAN, with destination port https all other should be fine by default.
Move this rule on top of any rule except anti-lockout and apply changes/reset sessions