Proxy softwares can bypass your web filtration in the network, how can you block them ?

any new application filteration Firewall can inspect into packets, and does this task.

I'd rather say L7 is the best possible solution.

A good "Web Application Firewall" can perform this task operating on Reverse Proxy or Transparent Proxy Mode. Vendor names and support for diferent modes vary,so please check each product for specific detail for a particular mode before buying.

Except using Firewall with the capability of application level filtering, using a proxy server will easily solve the issue. (considering that firewall is used for more hard stuff - but it is a good all in one option as well) 

Options that it (proxy Server) will gave you:

• Categorizing different web traffic like Shopping (ebay, amazon), annonymity (Tor, Proxy softwares etc.)
• specifically blocking/allowing a desired category
• black/White listing web activities 
• blocking single URL, Domain or a complete FQDN
• detailed logs about the activities of each user/device 
• port filtering associated with web requests
• ... (list goes on depending on the need)

just as a good example for an enterprise network BlueCoat is one of the best solutions for large infrastructures. 

other proxy servers are available as well: simplest and most affordable is within Windows Server environment (NT,2000,2003,2008,2012) 

Hope it Helps

Omid

Next Generation of Firewall will take care of that issue

Beside the L7 Applications, some Hardware based Firwall can do this job

Application (Layer7 Filters) as others mentioned would be the best way to go.