Explicit proxy is not enough to block Ultrasurf but it permits to:
- deny access to "plain text URL" using HTTPS (which is not feasible using transparent proxy)
- implement in parallel Squid ACL preventing to reach IP based URLs
As far as I understand, if you implement only IP based ACL, bypass using plain text HTTPS URL will still be feasible isn't it?
Or I might be wrong too