Forgive me if this has been implemented already, I would love to know how.

I have noticed that sites my users visit to use IP addresses for certain functions of the website, the most common I have seen is downloading (legit) files or images.

You see I want to block certain websites like facebook and youtube but also need to use the "IP only hosts" blocking option, as it is easy as to do an nslookup to facebook.com and access the page that way. Yet I also need my users to be able to access sites via IP address as certain work functions may call in it. It is a catch 22 situation.

What would make sense is to have an option to enable you to block access to only the IP addresses of sites that are configured to be blocked.

I'm not too sure how you would go about this. To minimise overhead you (untangle) could also include IP addresses for those sites you have blocked under categories and the users could enter IP addresses for sites they have configured to block themselves, or maybe there is a smarted way about going about it by doing a reverse DNS lookup on all sites that are accessed via IP address and cross referencing the domains with configured blocks.