Yes, I agree. I was going to do this using Suricata (because I already see Suricata blackholing suspicious TLD), but I have come to the conclusion that using the IPS/IDS for this task will consume much more resources than simple blackholing in hosts.
I too am going to deploy that script, I think it’s great. I’m not really interested in proxies.
IPS/IDS + DNS blackholing is where it’s all at.
Stopping people looking at porn is a different kettle of fish, one I’m not super interested in. Mostly interested in stopping dodgy URLs.
I guess proxies are good for logging access and data loss prevention scenarios (i.e. leaking of company documents), but with cameras on smartphones nowadays someone just takes a picture of the document and transports it on their personal non-corporate network anyway.