Alright so without looking at your current config I'm going to inform you that the proper way to deal with this sort of situation is with an access list (normally combined with a dns server and host files).
An access list permits or denies something.
There are two types of access lists. There is a standard access list, which permits or denies based off of ip address and there is an extended access list which permits or denies based on more granular controls that match to an ip address and a port or protocol.
A standard access list follows the following format:
Access-list <list number> <permit/deny> <ip address> <wildcard mask>
Example:
access-list 10 permit 192.168.3.0 0.0.0.255
access-list 10 deny any
( note deny any is at the end of all access lists by default to fix this just put permit all in front of it)
An extended access list on the other hand can be more specific about the traffic that it permits or denies. Extended access lists are great because they really allow you to choose what comes in and out of our network. A key function of extended access lists is the ability to deny by port. This matters to you because web traffic takes place on ports 80 (http) and 443 (https)
The format for an extended access list is as follows:
access-list <100-199 or 2000-2699> <permit or deny> <tcp or udp or ip> <source host address or network or any> <operator> <port> <destination host address or network or any> <operator><port>
Example:
R1(config)#access-list 101 deny tcp host 192.168.2.1 host 69.63.176.13 eq www
R1(config)#access-list 101 permit ip any any
To apply this access list to an interface you would simply type the following:
R1(config)#int fa0/0/0
R1(config-if)#ip access-group 101 in
