It sounds like you're trying to achieve two separate goals here :
- 1. To limit time spent on websites that are potentially not work-related / time wasting / etc
- 2. To block websites that are potentially dangerous to your network (infected)
To implement the bosses suggestion you need a different system to handle each and a way to categorise the blocked sites - or a system that allows more fine grained control.
Stepping back a bit...
More importantly though, your boss should want to demonstrate that he trusts his employees to use their work time sensibly. By blocking websites for reasons other than network security and creating little bureaucratic procedures to unblock them you send a clear signal to the employee that they are not to be trusted with a basic resource like web browsing. Expect them to respond in kind.