You can use a PAC (proxy auto-config) file to control which users get assigned to the proxy (if you use static IPs).
Squid/SARG might be the way to go - running a proxy is a great security enhancement and gives you total control over users' web behaviour.
Just be aware of the privacy ramifications of generating verbose reports based on Squid logs. I use Calamaris with Squid, but I keep the results to myself and just silently make ACL adjustments when I see any red flags.
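A PAC file that assigns clients to the proxy by static IP, as the post describes, added here as an example and not part of the original post. The proxy hostname and address ranges are constructed placeholders and `chooseProxy`, `inCidr`, `inAny` and `ipToInt` are hypothetical helper names; `FindProxyForURL` and `myIpAddress` are the standard PAC entry point and built-in.

```javascript
// proxy.pac - written in ES5 style because many PAC engines are old.
// Constructed placeholders: replace with your own Squid host and static ranges.
var PROXY = "PROXY proxy.example.internal:3128"; // 3128 is Squid's default port
var DIRECT = "DIRECT";
var PROXIED = ["10.20.0.0/24", "10.20.5.17/32"]; // static IPs sent through Squid

// Dotted-quad IPv4 string -> unsigned integer, or null if it is not valid IPv4.
function ipToInt(ip) {
  var parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var octet = parseInt(parts[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet; // multiply instead of << to avoid signed 32-bit overflow
  }
  return n;
}

// True when ip falls inside cidr ("a.b.c.d/len").
function inCidr(ip, cidr) {
  var pair = cidr.split("/");
  var addr = ipToInt(ip), base = ipToInt(pair[0]);
  if (addr === null || base === null) return false;
  var size = Math.pow(2, 32 - parseInt(pair[1], 10));
  return Math.floor(addr / size) === Math.floor(base / size);
}

function inAny(ip, list) {
  for (var i = 0; i < list.length; i++) {
    if (inCidr(ip, list[i])) return true;
  }
  return false;
}

// Decide the route for one client address.
function chooseProxy(clientIp) {
  // myIpAddress() can return loopback or a non-IPv4 value on multi-homed or
  // misconfigured hosts; a client we cannot identify goes through the proxy.
  if (ipToInt(clientIp) === null || inCidr(clientIp, "127.0.0.0/8")) return PROXY;
  return inAny(clientIp, PROXIED) ? PROXY : DIRECT;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return chooseProxy(myIpAddress());
}
```

A PAC file is evaluated by the client, so it steers traffic rather than enforcing it; blocking direct outbound web traffic at the firewall is what makes the assignment stick.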