Squid
reaper666, 2018-09-12 00:41:43

How to make deny_info work with HTTPS in Squid?

There is Squid 3.5.28. It is non-transparent and is used by specifying the proxy address.
I enabled the deny_info directive with a redirect to another address.
deny_info 303:url.com block_users
The block_users ACL includes users who have run out of traffic.
The problem is that if the user goes to an HTTP site, Squid redirects them, and if they go to an HTTPS site, the browser simply displays a message stating that it cannot establish a connection.
It runs with support for the peek and splice method. The logs are the following.
TCP_DENIED/407 4169 GET rejik.ru - HIER_NONE/- text/html
TCP_DENIED/407 4398 GET rejik.ru - HIER_NONE/- text/html
TCP_DENIED/303 471 GET rejik.ru login HIER_NONE/- text/html
TCP_DENIED/407 3884 CONNECT ya.ru:443 - HIER_NONE/- text/html
TCP_DENIED/407 4113 CONNECT ya.ru:443 - HIER_NONE/- text/html
TCP_DENIED/303 470 CONNECT ya.ru:443 login HIER_NONE/- text/html

As I understand it, when accessing HTTP, it receives TCP_DENIED, consults the deny_info directive and redirects the user there, since code 303 is returned. In the case of HTTPS, it also receives TCP_DENIED and tries to redirect, but since the SSL tunnel is already up, the host addresses in it can no longer be changed. Redirection worked for me with certificate spoofing, but this is not an option, since adding a certificate to the trusted store does not solve the problem that browsers complain about an incorrect certificate.
How else can this problem be solved?


1 answer(s)
Kalombyr, 2018-10-13
@reaper666

Fortunately, this cannot be bypassed without a "warning" from the browser. That's the beauty of SSL.
I once had blocking done through bind + nginx with auto-generation of a certificate for each domain, but I didn’t really see the point in this.
Just in case, I'll subscribe to the question, because I could be wrong.
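
Added example (not part of the original thread): a Python check over access-log lines in the trimmed format quoted in the question, flagging deny_info redirects that were sent in reply to CONNECT and so never reached the user as a page. The sample lines, the field-layout regex and the verdict names are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample in the trimmed layout the question shows:
# result/status bytes method target user hierarchy content-type
SAMPLE_LOG = """\
TCP_DENIED/407 4169 GET rejik.ru - HIER_NONE/- text/html
TCP_DENIED/303 471 GET rejik.ru login HIER_NONE/- text/html
TCP_DENIED/407 3884 CONNECT ya.ru:443 - HIER_NONE/- text/html
TCP_DENIED/303 470 CONNECT ya.ru:443 login HIER_NONE/- text/html
TCP_TUNNEL/200 5120 CONNECT ya.ru:443 other HIER_DIRECT/203.0.113.10 -
this line is malformed
"""

LINE_RE = re.compile(
    r"^(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<ctype>\S+)\s*$"
)

def classify(line):
    """Return (user, method, target, verdict), or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    status, method = int(m["status"]), m["method"]
    if not m["result"].endswith("DENIED"):
        verdict = "allowed"
    elif status == 407:
        verdict = "auth-challenge"      # normal proxy authentication round trip
    elif 300 <= status < 400 and method == "CONNECT":
        verdict = "redirect-not-shown"  # browser reports a connection failure
    elif 300 <= status < 400:
        verdict = "redirect-shown"      # plain HTTP: browser follows the redirect
    else:
        verdict = "denied-other"
    return m["user"], method, m["target"], verdict

def unseen_redirects(log_text):
    """Count, per user, deny_info redirects sent in reply to CONNECT."""
    hits = Counter()
    for line in log_text.splitlines():
        row = classify(line)
        if row and row[3] == "redirect-not-shown":
            hits[row[0]] += 1
    return dict(hits)

if __name__ == "__main__":
    print(unseen_redirects(SAMPLE_LOG))
```

Users that appear in the result hit their quota on an HTTPS site and saw only a browser connection error, so they need to be told about the block by some other channel.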
