and you can ask - why?
who works in the office? for creative professions, motivation is needed, and not prohibitions
for salespeople and others - plans and don’t care what they do the rest of the time ...
safety, IMHO, this is about understanding due to which important information will not fly away to the left or the iPhone will not be stolen from the kitchen "ticket sellers in theater", and not about "let's turn off everything for everyone except something"

A simple classic of the genre. Everyone on the proxy, to the proxy webmord and look at the top site traffic or the top employees sitting on the Internet
squid + lightsquid - the easiest thing to do is
to ideally fasten AD and access groups.

See for example Shalla Blacklists

skydns?

Since we started talking about a proxy server, I can’t help but single out one such as: IDECO ICS, it cuts traffic and blocks sites, integrates with both LDAP and AD.

whitelist will be easier to form...

There are hardly any lists.
It's easier to go from the opposite: "what is not allowed is forbidden"
As a result, after a while, your list of useful and allowed sites will accumulate :)

What are file sharing services for? Social networks are also different. In general, it is necessary to ban those who suffer from acute procrastination and do not work very well.

You can also try yandex dns.