I'm pretty sure a DPI-based filtering can be purchased as an off-the-self service.
And that's one of the core reasons I dislike HTTPS everywhere. It will lead to organizations like schools installing their own root certificates to MITM traffic, lessening the security of those things where encryption is the most important, like online banking.
Many universities already require the installation of a root certificate. The primary purpose is to avoid buying commercial certificates for every last internal university site, but it also has the effect you've mentioned.
And that's one of the core reasons I dislike HTTPS everywhere. It will lead to organizations like schools installing their own root certificates to MITM traffic, lessening the security of those things where encryption is the most important, like online banking.