was successfully added to your cart.

Blocking Websites with the Windows Hosts File

By October 26, 2009 May 29th, 2016 Tips & Tricks

Sometimes I decide that I never want to re-visit a particular website ever again, and I want a way to block it indefinitely. Normally, I just learned to ignore a website simply out of self-discipline. Lately, I decided I wanted something more secure. After all, even with self-discpline, I could still accidentally visit said site from a link found on another unblocked site. I figured out a good solution: the Windows hosts file.

Windows features a special file simply called “hosts”, without an extension. This file allows users to map hostnames to IP addresses. More importantly, however, is that when Windows tries to locate nodes on any given network, it will take the hosts file into consideration. It will actually consider the hosts file prior to querying DNS server, and any mappings found within will override those in the DNS. This effectively allows us to write custom redirections that affect the entire system – this was the key to blocking the website. To demonstrate how I used this to my advantage,  here’s what the default HOSTS file looks like in Windows 7:

#def Copyright (c) 1993-2009 Microsoft Corp.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

If I wanted to permanently block:

  • kanyewest.com
  • kanyeuniversecity.com

I would add the following entries to the file, in bold:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 kanyeuniversecity.com
127.0.0.1 www.kanyeuniversecity.com
127.0.0.1 kanyewest.com
127.0.0.1 www.kanyewest.com

By doing this, I’m telling Windows that whenever it encounters one of those domains, it should immediately resolve them to the IP 127.0.0.1, rather than querying the DNS server for the IP. The IP 127.0.0.1 is a special “loopback” IP – it pretty much points to whatever machine you are currently using. That’s how these domains are blocked – Windows will actually be told to use 127.0.0.1, which will definitely not work (since the local machine is not a web server, and is not configured to serve such content). This exact technique is used by Spybot Search & Destroy‘s Immunize feature – so when you open your HOSTS file, you might already see a bunch of entries blocked.

Notice, also,  how I added two entries per website I want to block – one with “www.”, and one without it. I considered this necessary because of the following: from the point of view of a DNS server, “www.websitenamehere.com” and “websitenamehere.com” are two completely different domains; however, in most cases, on the Internet, they tend to be configured to point to the same IP address, so we rarely see instances where they behave differently. Still, since they are different at the DNS level, both possibilities needed to be added to HOSTS file.

Ultimately, once configured, the end result is this: whenever you try to access a blocked site, you’ll get this type of error:

Error seen when attempting to visit a site that has been blocked via the Windows hosts file. This example showcases Firefox, but keep in mind that the block is system-wide. Other browsers will react similarly.

Error seen when attempting to visit a site that has been blocked via the Windows hosts file. This example showcases Firefox, but keep in mind that the block is system-wide. Other browsers will react similarly.

There you have it – a way to block websites in Windows, and a browser-independent one at that. As for the procedure for editing the HOSTS file, it differs depending on which version of Windows you are using – simply include the Windows version when you Google.