Depends on "why" you're trying to block access:
Surfing Facebook is a productivity hit? A time-bound exception (30 mins at a time) might be a viable approach.
Porn? Probably no valid reason to surf porn at most jobs.
As a previous poster said, if you're really concerned about malware / C+C servers etc., blacklist everything and whitelist a handful of websites required for the job.