You need a firewall between the internet modem and your internal network that can do web filtering. You can use either a hardware firewall or use a computer running a firewall.
Hardware would allow fastest connection and best filtering but would be more expensive.
A computer based firewall would be slower but alot cheaper.
Use a proxy - I'd say Squid is the best free one around. On the gateway, block everything except HTTP traffic and within Squid config, you can block whichever file types you like. You'll also have to then configure the proxy into your standard image.