[Solved] Block traffic to unresolved IP / Non-sni or "naked" IPv4 address

Started by errored out, September 28, 2020, 12:25:24 AM

I posted this question in general, but have not received any comments.  So, I'm trying here.

I am looking for a method of blocking internal traffic from accessing any external (routable / Internet) IP address which has not been resolved / "naked" (non-SNI) by DNS.

Ex.  Right now, my computer inside my network is able to traverse opnsense and access any site (https) by domain name or IP.  For instance https://opnsense.org or by https://81.171.2.181

I am looking to allow my computer to still be able to access https://opnsense.org; however, not be able to access https://81.171.2.181 (or any routable ip address).

I am aware I can block specific IPs.  However, that would block access to the hosts I'm trying to access.  And it would not be realistic to individually block all external hosts by their IP address.

Simply put, looking to block "how" a computer connects to an external host, not block access to an external host.

I am assuming what is needed is squid or nginx, but have not found the answer yet. 

Which one is needed if any?

What options or configurations should I look into?

Thank you
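The distinction the question is after (an HTTPS connection to https://opnsense.org carries a hostname in the TLS Server Name Indication extension, while one to https://81.171.2.181 carries no SNI at all) is visible only in the first ClientHello of the TLS handshake. The following Python is an added example, not code from the original post or from OPNsense, Squid or nginx: it builds a constructed ClientHello, extracts the SNI, and applies the "allow only named hosts" policy the poster describes. The `build_client_hello`, `extract_sni` and `sni_policy` names are my own.

```python
import ipaddress
import struct
from typing import Optional

def build_client_hello(sni: Optional[str]) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello (sample input, not captured traffic)."""
    ext = b""
    if sni is not None:                        # browsers omit SNI for bare-IP URLs
        name = sni.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # ext type 0 = SNI
    body = (b"\x03\x03" + bytes(32)            # client_version, random
            + b"\x00"                          # empty session_id
            + b"\x00\x02\xc0\x2f"              # one cipher suite
            + b"\x01\x00"                      # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 22

def extract_sni(record: bytes) -> Optional[str]:
    """Return the host_name from the SNI extension, or None if absent/not a ClientHello."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        return None
    p = 44 + record[43]                                  # skip session_id
    if p + 2 > len(record):
        return None
    p += 2 + struct.unpack("!H", record[p:p + 2])[0]     # skip cipher_suites
    if p + 1 > len(record):
        return None
    p += 1 + record[p]                                   # skip compression_methods
    if p + 2 > len(record):
        return None
    end = p + 2 + struct.unpack("!H", record[p:p + 2])[0]
    p += 2
    while p + 4 <= min(end, len(record)):
        etype, elen = struct.unpack("!HH", record[p:p + 4])
        p += 4
        if etype == 0 and p + 5 <= len(record) and record[p + 2] == 0:
            nlen = struct.unpack("!H", record[p + 3:p + 5])[0]
            return record[p + 5:p + 5 + nlen].decode("ascii", "replace")
        p += elen
    return None

def sni_policy(record: bytes) -> str:
    """'allow' only when a hostname SNI is present; no SNI or an IP literal is 'block'."""
    sni = extract_sni(record)
    if sni is None:
        return "block"
    try:
        ipaddress.ip_address(sni)              # RFC 6066 forbids IP literals in SNI anyway
        return "block"
    except ValueError:
        return "allow"
```

This is the check a TLS-aware proxy or IDS performs on the first client packet; a plain layer 3/4 firewall rule never sees the SNI field, which is why the poster's destination-IP rules cannot express the policy.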