Let’s take into account some methods to block entry to the particular web sites, domains, URLs or IP addresses in Windows with out utilizing third-party instruments. In our case, we are going to strive to block sure web sites utilizing the built-in Windows 10 instruments and PowerShell automation options.
Usually it’s simpler to block web sites on your community router (change or Wi-Fi entry level you might be utilizing to entry the Internet) or utilizing third-party software program (content material filters, DNS filters, and so on.).
Blocking Websites Using the Hosts File in Windows
The hottest methodology to block a particular web site on Windows is to edit the hosts file. Usually it’s situated in %windirpercentsystem32driversetc listing. Please observe that hosts file doesn’t have an extension.
The hosts file is used to manually assign mappings between IP addresses and DNS names. When resolving names, the hosts has increased precedence than DNS servers specified within the community connection settings.
To block a particular web site (for instance, fb.com), open the hosts file (with the administrator privileges) and add the strings like these to it:
127.zero.zero.1 fb.com 127.zero.zero.1 www.fb.com
Save the file and restart your pc (or clear the DNS cache utilizing the command:
After that, when making an attempt to open the fb.com in any browser you will note the message “Page not discovered” / “Page not out there”.
You can add new traces containing web site URLs to your hosts file utilizing such a .bat file:
echo 127.zero.zero.1 www.fb.com >> %hostspath%
echo 127.zero.zero.1 fb.com >> %hostspath%
Or you should utilize the next PowerShell features to mechanically block particular web sites in your hosts file.
Function BlockSiteHosts ( [Parameter(Mandatory=$true)]$Url)
Select-String -Pattern ([regex]::Escape($Url))
Function UnBlockSiteHosts ( [Parameter(Mandatory=$true)]$Url)
Select-String -Pattern ([regex]::Escape($Url))
Set-Content -Path $hosts -Value $newhosts
To add a web site to the record of blocked URLs, simply execute the command:
To unblock the web site, run:
Block Websites Using DNS Filtering
If your shoppers use the identical DNS server, in the identical approach you may block sure web sites by creating a DNS entry in that DNS and specify one thing like 127.zero.zero.1 in it. By the best way, most industrial DNS content material filters (OpenDNS, SafeDNS, Cisco Umbrella, and so on.) use the identical precept.
How to Block Website IP Address in Windows Defender Firewall?
Also, you may block some web sites utilizing the built-in Windows Defender Firewall. The foremost drawback of this methodology is that you just gained’t have the option to use the identify of a area or a web site URL within the blocking rule. Windows Defender Firewall permits you to specify solely an IP tackle or a subnet as a supply/vacation spot.
First of all, you’ve got to get the IP tackle of the web site you need to block. It is simpler to do it utilizing the nslookup command:
As you may see, the command has returned a number of IP addresses assigned to the web site. You have to block all of them.
Run the Windows Defender Firewall administration snap-in (Control PanelAll Control Panel ItemsWindows Defender FirewallSuperior Settings or by operating firewall.cpl).
In the Outbound Rules part, create a new rule with the next settings:
- Rule Type: Custom
- Program: All applications
- Protocol Type: Any
- Scope: In the “Which distant IP addresses does this rule apply to?” part choose “These IP addresses” -> Add. In the following window, enter the IP addresses, subnets or a vary of IP addresses you need to block.
Click OK -> Next -> Action -> Block the connection.
Leave all choices as they’re within the window with Firewall profiles the rule is utilized to. Then specify the rule identify and put it aside.
After that Windows Defender Firewall will block all outgoing connections to the desired web site‘s IP adresses. The following message will seem in your browser when making an attempt to join to the blocked web site:
Unable to join
Your Internet entry is blocked Firewall or antivirus software program could have blocked the connection ERR_NETWORK_ACCESS_DENIED
In your AD area you may to block entry to a web site on consumer computer systems utilizing GPO. However, it isn’t rational. It is best to filter web sites on your Internet entry router (gateway).
Using PowerShell to Create Firewall Rule to Block Website by Domain Name or IP Address
You also can create a Firewall rule that blocks the connection to the web site utilizing PowerShell:
New-InternetFirewallRule -ShowName "Block Site" -Direction Outbound –LocalPort Any -Protocol Any -Action Block -DistantAddress 18.104.22.168, 104.244.42.zero/24
The string “The rule was parsed efficiently from the shop” signifies that the brand new Firewall rule has been efficiently utilized. You can discover it within the graphical interface of your Windows Defender Firewall.
In order not to resolve the web site names into IP addresses manually, you should utilize the Resolve-DnsName PowerShell cmdlet to get the web site IP addresses:
Resolve-DnsName "twitter.com"| Select-Object -ExpandProperty IPAddress
Thus, you may convert the identify of the web site into its IP addresses and add a block rule to the firewall settings:
$IPAddress = Resolve-DnsName "twitter.com"| Select-Object -ExpandProperty IPAddress
New-InternetFirewallRule -ShowName "Block Site" -Direction Outbound –LocalPort Any -Protocol Any -Action Block -DistantAddress $IPAddress
So now you can add a blocking rule to your Windows Firewall for a number of web sites without delay:
$SitesToBlock = "fb.com","instagram.com","youtube.com"
$IPAddress = $SitesToBlock | Resolve-DnsName -NoHostsFile | Select-Object -ExpandProperty IPAddress
New-InternetFirewallRule -ShowName "Block Web Sites" -Direction Outbound –LocalPort Any -Protocol Any -Action Block -DistantAddress $IPAddress
I’ve added the –NoHostsFile parameter to the Resolve-DnsName cmdlet so as not to use the hosts file for resolving.
Let’s be sure that a block outbound rule has appeared within the Windows Firewall console.
This article is generally a mind coaching train. In a company community, it’s essential to use web site filtering on your Internet entry gateway, router or a proxy server. The host-level blocking will not be very efficient.