For school exam we get several ranges of IP-addresses that is on the list for technical specs required to pass the firewall. The students log in and start their exam and when they are finished, uploads their finished documents. White-list approach is used to allow only port 80 and 443 destined for the specified IP-addresses. Everything else is blocked.
What is new this year is that they are allowed to access additional online based help, like dictionaries. The problem is the white-list approach where you allow only specified IP-address(es) for that domain. You end up with a web page that is not completely loaded since todays web sites are dynamic and gets their content from several places. Forexample images hosted somewhere else.
The question is really general, how do you allow a specified site/domain to pass through in a white-list approach when you have the problem explained above? Let's imagine you don't have time to test all functionality on that site to see that everything is working and loaded.