I have to set up internet controls for our schools study hall/testing center. The idea is that computers on that network should only be able to access the school's webportal and learning platform that the school uses during class hours, but allow full access outside of class hours. Students may use their own device/laptop or a school issues. I'm using Edgrouter X currently, though we're willing to invest in higher grade equipment/software.
I figured that the easiest thing to do would be to set up a whitelist of allowed IP address and use time based ACLs to apply the whitelist and block all other traffic during the specific times. As I started trying to test that solution, I gathering the required IP addresses that I'd need to whitelist using Chromes's IPvFOO extension (pictured below ), but realized that webpages are pulling from many more sources and IP address then I originally thought. I could just add all the IP addresses that I can find listed in the IPvFOO output, but I'm wondering how many of the address might be dynamic, so if one of the IP addresses changes, I'll end up "breaking" the webpage.
I've tried URL based whitelisting, but that doesn't seem to work with HTTPS. So, is it practical to use an IP based whitelist?