Blocking web sites with Windows Firewall
Is it possible to use Windows Firewall to block specific web sites for all browsers?
Solution 1:
Possibly, depending on which version of Windows you're using, although I don't recall ever seeing any such options.
It's probably easier to just add entries into your C:/WINDOWS/SYSTEM32/DRIVERS/ETC/HOSTS file (it's a plain ASCII text file that you can edit directly with Windows Notepad), like so:
127.0.0.1 www.bad-web-site.example.com
127.0.0.1 www.another-site.example.net
The IP address "127.0.0.1" is localhost (your local computer), and using it for the web site addresses (the domain names) you wish to block will result in a timeout (assuming you're not running a local web server like Apache HTTPd; if you are, then its web page will appear which will be fine anyway).
Make sure that you block both with and without the "www" portion; this is quite easy as you can specify multiple sites on a single line by delimiting them with spaces, like so:
127.0.0.1 www.bad-web-site.example.com bad-web-site.example.com
127.0.0.1 www.another-site.example.net another-site.example.net
Also note that the domains are added without any protocol, so without http://
, https://
or ftp://
.
How To Article
Note: In Windows Vista or Windows 7 you must open Notepad.exe as an Administrator to be able to edit and save changes to the hosts file. Right click on notepad.exe or its shortcut and select "run as Administrator" once Notepad is open use File > Open to navigate to the hosts file.
Solution 2:
First of all Go to Command Prompt and Do Ping URL to get IP address of that website:
Ping example .com
and you get IP Address of website
Pinging example.com [93.184.216.119] with 32 bytes of data:
Reply from 93.184.216.119: bytes=32 time=287ms TTL=43
Reply from 93.184.216.119: bytes=32 time=286ms TTL=43
Reply from 93.184.216.119: bytes=32 time=285ms TTL=43
Reply from 93.184.216.119: bytes=32 time=294ms TTL=43Ping statistics for 93.184.216.119:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 285ms, Maximum = 294ms, Average = 288ms
go to Control Panel > windows FireWall > in the left side click Advanced Setting
go to Outbound Rule and in right side Click New Rule
- in New OutBound Rule Wizard select Custom and click Next
- in Program Screen Select All Program And click Next
- in protocol and ports Leave default Setting and click Next
- in Scope Screen Under Which remote IP address Does This rule apply to? select These IP address and click add Button
in IP Address Dialog under This IP address or subnet: enter IP address of website and click ok and then click next
in Action screen select Block the connection and click next
- in Profile screen leave all 3 check box selected and click next
- in Name Screen choose name for rule and click finish
test what you do by enter URL in any browser that you want
good luck!
Solution 3:
This is a very generalized question... (more information would be useful...) as the Windows Firewall exists in different versions... and has different capabilities with each version... etc.
(Assuming you're running windows 7, and you're ONLY wanting to use the windows-firewall) The short answer is: Sort-of. You can deny access to a IP address, which would in-turn deny access to any websites hosted on that IP address. This rule would apply to any application attempting to connect to that ip-address. (Windows 7 has the only windows-firewall that blocks outbound connections) The only fly in that ointment, is that most companies of any large scale have many IP addresses all of which serve pages for that website. yes you can block them all, but it's really an excessive amount of work.
(If you don't mind getting your hands dirty) you can also modify the hosts file (c:\windows\system32\drivers\etc\hosts) and put a bogus entry in there for the domain in question, but a lot of anti-virus with some level of heuristics will identify this as some sort of suspicious activity, and others will silently wipe out any changes you make.
The third option is to invest in a router that has some sort of content-filtering options... (there's quite a few out there that work quite well that aren't too expensive) or look at software like netnanny or other solutions like OpenDNS to provide whatever level of filtering you require.