Now I want to add a proxy server so that all the clients added to this can only visit the websites I describe.
How can i do this?
This is an argument of policy and how you treat your employees, but that’s a separate issue.
If you’re looking at doing something like this, you do it by deploying a proxy server product and using that system as a gateway. @MarkM mentioned Squid, which we’ve done before,using SquidGuard, but it won’t block access to https sites. You’d most likely want a turnkey product that can handle proxying and filtering, using invisible proxying so there are no settings put in by the client machines or policy.
Personally you may run into issues by locking your employees down this much and treating them the way we do unless you have a really good reason to sink management time and money into this level. We do this because we’re required by CIPA laws as a school…I’m sure if you’re a three letter agency for the government you may have a good reason to do this too. Otherwise you might get some pushback from your employees…or at least turnover. But that’s all I’ll warn about.