In this article I will show you how to use the hosts file to block websites on computers running the Windows operating system. I will also go over the limitations of using the hosts file to restrict access to the web when compared to dedicated web filtering software so you can choose the best internet management method for your needs.
BrowseControl is an easy-to-use web filter that helps organizations enforce policies, improve productivity, reduce bandwidth consumption, and meet compliance requirements – no matter where their users are located.
With BrowseControl you can ensure a safe and productive environment by blocking high-risk, distracting, or inappropriate websites, improve network performance by blocking bandwidth hogs, and prevent users from using unsanctioned applications and software-as-a-service providers
BrowseControl’s security policies are enforced by a software agent that is installed on your user’s computers. This allows the solution to continue blocking websites and applications even when computers are taken off-site.
BrowseControl’s central console allows you to configure your security policies from the convenience of a web browser.
With BrowseControl you can Block or allow websites based on URL, category, domain, or IP address, assign custom policies for each group of computers or users, prevent users from launching specific applications, and block network ports to reduce the attack surface of your network
There are three key methods for blocking websites with BrowseControl:
The Blocked List allows you to block specific websites based on URL, domain, or IP address
Category Filtering allows you to block millions of websites across over 100 content categories including pornography, social media, and virus-infected sites.
and finally, you can use the Allowed List to allow specific websites that would otherwise be blocked based on their category, or for the greatest security and control you can block all websites except for those that are on the Allowed List.
When your users try to visit a blocked website they can either be presented with a custom warning message or directed to another site, such as a page with a reminder of your organization’s internet use policy.
With BrowseControl’s App Blocker you can prevent your users from launching specific applications.
Simply select the group you would like to restrict, enter the Original Filename of the application to the Application List, and add it to the blocked applications list.
When the user tries to launch the blocked application they can be presented with a custom warning message that alerts them of the restriction.
BrowseControl is best used in tandem with our computer monitoring software BrowseReporter. Using both solutions provides the visibility and control you need to ensure that your organization’s computers are being used appropriately.
Don’t let internet abuse run rampant in your organization. Take back control over web browsing with a free trial of BrowseControl.
Get started today by visiting CurrentWare.com/Download
If you have any technical questions during your evaluation our support team is available to help you over a phone call, live chat, or email.
Thank you!
Editing the Hosts file to block a website on multiple devices is a time-consuming, inflexible, and labor-intensive process.
For just $3.99 per license per month, you can take advantage of BrowseControl to block billions of websites across over 100 URL categories. More than 10,000 new domains are added each day, making it simple to restrict internet access even as new sites emerge.
With BrowseControl you can…
”As a ‘novice’ I was able to set up with help from support in about an hour. Previous software took forever and didn’t work as advertised; this software worked right out of the box. It allows my workers to use the internet and make money for the practice without distraction/temptation to use personal websites/email/shopping.”
– Gerard B., Office Manager
Hosts File | Web Filter | |
---|---|---|
Multiple Devices | Not recommended. It forces you to decentralize the management of your network. | Recommended. The centralized console of a web filter makes managing multiple devices simple and efficient. |
Granularity | Limited. Web access permissions can only be done on a per-device basis. Changes to the file also affects all users on the device. | Advanced. Unique web access permissions can be adjusted for each device, user, or workgroup. |
Whitelisting | Difficult. Using the hosts file block all websites except approved ones requires you to manually find the IP addresses of the websites you would like to allow, add them to the file, and direct all other traffic to a null route. | Simple. To whitelist websites with a web filter you simply need to add the domains you’d like to allow to a whitelist (allow list) and all other domains will be blocked by default. |
Wildcard Filtering | Not Supported. You need to specify each and every variation of a URL you would like to block. | Supported. A web filter allows you to block all URLs within a domain with one wildcard entry. |
Ease of Use | Difficult. You have to edit the hosts manually for every single device you want to manage. You will also need to reconfigure the file every time you wipe the machine. | Simple. All you need to do is add the websites you’d like to block to your block list. |
Want to learn more? Check out our article on the benefits of web filters.
The hosts file in Windows is a text file that is used by the operating system to map hostnames to IP addresses. In Windows 10 it located in the System 32 folder at C:\Windows\System32\drivers\etc folder
Editing the hosts file in Windows lets you change the IP address that a given website resolves to on your computer. This allows you to override the destination that a website’s DNS zone file would normally take you to.
Since these changes only apply to your local machine this method of web filtering is useful for blocking websites on a personal device. However, anyone managing multiple devices should use a dedicated web content filter instead of blocking websites using hosts file to make policy updates more efficiently.
How you normally get access to web content
Normally when you enter a URL (such as Facebook.com) into the address bar of your web browser it will send a Domain Name System (DNS) request to a server. DNS changes the names of these human-readable domains into an IP address such as 31.13.80.36 (for IPv4) or 2a03:2880:f10e:83:face:b00c:0:25de (for IPv6) that identifies the server’s location.
How hosts changes this
You can think of DNS as the internet phone book and the hosts file of your local machine as your own personal address book.
Imagine you’re looking up someone’s phone number. Before resorting to the phone book (DNS) you’ll first take a look at your personal address book (the hosts file) to see if you have any contact details (IP addresses). If you do, you’ll not bother to check the phone book at all.
Your computer works the same way. Before any request for a domain takes place from your web browser, your machine will actually reference the local hosts file first. If any entries are found there they will be used instead.
This is precisely how you are able to block websites using hosts file. It has lines of text that consist of an IP address followed by a host name. These lines of text can be modified to tell your web browser that a given host name should route to a given IP address.
So, if you want to stop your users from accessing Facebook you can enter Facebook.com into your hosts file and route it to the IP address of your local machine (127.0.0.1). This will allow you to block websites using hosts file.
DNS changes names of domains into IP addresses. For example, 69.63.184.142 is one of the IPs of facebook.com. You can use a hosts file to change that and redirect the site you want to block to another address. It will allow you to link a certain domain name with any IP address you want.
Note: When you block websites using hosts file the websites will only be blocked on the local PC. To ensure that websites are blocked on multiple computers you need dedicated web filtering software.
Ad filtering with the hosts file works exactly the same way as blocking a website does. Entries for known malicious or spammy domains can be blocked by adding them to the file and redirecting them to another IP address.
Web developers can use the hosts file to test and develop websites on their local machine. To make changes to a website before it is made public the web developer will install the site files locally and edit the hosts file on their computer so that it points the sites domain name to the IP address of the environment they want to test in.
The Tennessee College of Applied Technology (TCAT) is one of the best technological educational institutions in the Tennessee area. To keep delivering a cutting-edge learning experience, TCAT Crump knew that they needed to integrate online resources into their curriculums and teaching methods.
But allowing internet access into a network is not without its risks. As an information technology instructor, Gabriel Alvarado is adamant that educational institutions need to defend against unauthorized access to personal information belonging to pupils, parents, or staff.
Gabriel knew that restricting internet access with the best internet filtering tools they could find was essential for protecting their students and network against web-based threats. In addition to improving internet security, BrowseControl provided TCAT students with an optimal educational experience by blocking distracting websites during class hours and preventing bandwidth hogs from impacting the performance of the network.
BrowseControl’s convenient remote installation options and central management console made it the best internet filtering software for TCAT as they could deploy the software during the school term rather than having to wait until the holidays. Staff and user accounts could be readily distinguished, allowing web filtering policies to be customized to the needs of each group.
BrowseControl blocks apps, internet distractions, and high-risk sites no matter where your Windows devices are. Effortlessly manage your entire workforce from a convenient central console.
When a file is read-only you can freely open it but you can’t save any changes you make.
Follow these steps to disable read-only mode:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Note: All of the octothorpes (aka hashtag/pound sign/number symbol – #) are used to comment out text entries. Any content on the same line as the # symbol will be ignored. Thus, the default file does not actually do anything.
To access the hosts file using the file explorer you simply need to log in to an administrator account and enter %SystemRoot%\System32\drivers\etc\ into the address bar. If it is not there, it may be hidden. Follow this guide to show hidden files in Windows.
If you do not have administrator permission, you will receive an error like this:
Note: You must have administrator privileges to access and edit the hosts file. If you do not run Notepad under administrator privileges, you will only get to view the file and you will be unable to save your changes to the appropriate folder. Any changes you make will not work unless it is saved in the correct location – saving it in the Documents folder will not allow you to block websites using the hosts file.
Need to restrict internet access in your network? In this tutorial you will learn how to block websites using a free trial of BrowseControl, CurrentWare’s web content filtering software.
With BrowseControl you can…
Block websites based on URL, category, domain, or IP address
Schedule unique internet restrictions throughout the day
Assign custom policies for each group of computers or users,
and enforce internet usage policies, even when devices leave the network
There are 3 ways to block employee internet access with BrowseControl
1) Block access to specific websites with the Block List
2) Restrict internet access to only certain sites with the Allow List
3) Using the Category Filtering feature you can block access to content categories such as Porn, Virus Infected, or Social Media
For complete control over internet and application use in your network, you can combine BrowseControl with BrowseReporter, CurrentWare’s internet monitoring software.
All right, let’s get started.
To begin, sign up for a free trial of BrowseControl at CurrentWare.com/Download. After filling out the form you will be provided with the files you need to get started with BrowseControl.
To install BrowseControl, run CurrentWare.exe on the administrator’s computer and follow the installation instructions; this will install the CurrentWare Console and Server.
After that, deploy the CurrentWare Client Setup file (cwClientSetup.exe) on all of the computers you would like to control.
From there you can import your Active Directory organizational units or manually create your desired policy groups.
For full installation instructions, please visit our knowledge base at CurrentWare.com/Support.
Now that you have BrowseControl installed, I’ll show you how to block specific websites based on their URL, domain, or IP address with the URL Filter.
This feature can be used to block your employees from accessing distracting websites like Facebook, TikTok, or Instagram.
First, decide whether you want to control internet access based on users or computers and select the desired mode.
Next, click on the URL Filter then select “Blocked List”
From the drop-down menu, select the group of computers or users that you want to restrict
Enter the URL, domain, or IP address of the websites you want to block to the master URL list, then press the Enter key or click “Add”.
BrowseControl will apply a wildcard to the URL, ensuring that any paths within the domain will be blocked as well.
In the master URL list, select the websites you want to block for the chosen group, then click “Add to Blocked List”.
If you would like to add the selected websites to the block list of multiple groups, you can press the drop-down arrow and select “add to multiple groups”, select the desired groups, then click “add to blocked list”
If you have a large number of websites you would like to block, you can also use the import feature to import an existing list.
Finally, click “Apply to Clients”.
That’s it! You have now blocked your employees, students, or patrons from accessing those specific websites.
Next, I’ll show you how to restrict internet access to only certain sites.
This feature is ideal if you want to prevent your employees, students, or patrons from accessing websites that are not explicitly allowed by your organization.
The process is identical to how you would block a website, except this time you will set the internet to “off” and add the websites you would like to allow to the Allow List.
With this method, your users will only be able to access the exact websites that have been approved by your company.
Here are the full instructions.
First, decide whether you want to control internet access based on users or computers and select the desired mode.
Next, click on the URL Filter, then ensure that “Allowed List” is selected
From the drop-down menu, select the group of computers or users that you want to restrict
Next, set the internet to “Off”. This will ensure that only the websites that are added to the allowed list can be accessed.
Enter the URL, domain, or IP address of the website you want to allow to the master URL list, then press the Enter key or click “Add”. BrowseControl will apply a wildcard to the URL, ensuring that any paths within the domain will be allowed as well.
In the master URL list, select the websites you want to allow for the chosen group, then click “Add to Allowed List”
If you would like to add the selected websites to the Allowed list of multiple groups, you can press the drop-down arrow and select “Add to Multiple Groups”, select the desired groups, then click “Add to Allowed list”
If you have a large number of websites you would like to allow, you can also use the import feature to import an existing list.
Finally, click “Apply to Clients”.
Next, I’ll show you how to block websites based on content categories such as Porn, Virus Infected, and Social Media
With BrowseControl’s category filtering feature you can block billions of websites across over 100 URL categories. More than 10,000 new domains are added each day, making it simple to restrict internet access even as new sites emerge.
Here’s how:
First, decide whether you want to control internet access based on users or computers, then select the desired mode.
Next, click on “Category Filtering”
From the drop-down menu, select the group of computers or users that you want to restrict
Select the web content categories you would like to block, then click “Add to Blocked List”
Finally, click “Apply to Clients”.
That’s it!
The Allow List can also be used in tandem with the Category Filtering feature to allow websites that would otherwise be blocked based on their content category.
For example, you could use the Category Filtering feature to block Social Media while still allowing access to LinkedIn.
Now that you’ve seen the 3 key ways you can block a website with BrowseControl, I’d like to show you how to restrict internet access at certain times.
With BrowseControl’s Internet Scheduler you can schedule custom block or allow lists throughout the day.
This feature will bring some flexibility to your internet restriction policies; in this example, we will allow our employees to browse the internet during lunchtime.
Here’s how to use the internet scheduler
First, decide whether you want to control internet access based on users or computers and select the desired mode.
Next, click on “internet scheduler”
From the drop-down menu, select the group of computers or users that you want to restrict
Next, click “New Schedule”
Set the start and end time of the schedule. Then, select the schedule type.
Internet On will allow internet access to all websites that are not on the URL Block List
Custom allowed list will only allow access to specific websites.
Custom blocked list will block access to a specific list of websites and allow access to the rest of the internet.
Custom Category blocked list will block specific categories and allow access to the rest of the internet.
Next, set your desired schedule frequency.
Daily will enable the schedule every day during the specified time period.
Weekly will enable the schedule only on specific days of the week.
Monthly will enable the schedule only on specific months.
Next, click “Add Schedule”.
If you selected one of the custom block or allow list options, you can click the link provided under the “schedule type” column to set the websites or categories that you would like on the list.
And finally, click “Enable Scheduler” if it is not already enabled
That’s it for today. If you’re ready to start blocking websites you can get a free trial of BrowseControl at CurrentWare.com/Download.
If you have any questions during your evaluation our support team is available to help you over a phone call, live chat, or email.
See you next time!
Need to restrict employee internet access at-scale? With BrowseControl you can block websites for all of your computers and users in just a few clicks. BrowseControl’s granular internet restriction policies allow you to apply unique restrictions to each group of users or computers in your company.
There are multiple ways to block users from accessing certain websites. Editing the hosts file in Windows is a viable method for blocking websites on a per-device basis, however to properly manage web filtering policies across multiple devices on a network you will need a centralized web filter.
Cookie | Duration | Description |
---|---|---|
__cfruid | session | Cloudflare sets this cookie to identify trusted web traffic. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
JSESSIONID | session | The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application. |
LS_CSRF_TOKEN | session | Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed. |
OptanonConsent | 1 year | OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
_zcsr_tmp | session | Zoho sets this cookie for the login function on the website. |
Cookie | Duration | Description |
---|---|---|
_calendly_session | 21 days | Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar. |
_gaexp | 2 months 11 days 7 hours 3 minutes | Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_GY6RPLBZG0 | 2 years | This cookie is installed by Google Analytics. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_opt_expid | past | Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
_dc_gtm_UA-6494714-6 | 1 minute | No description |
_gaexp_rc | past | No description available. |
34f6831605 | session | No description |
383aeadb58 | session | No description available. |
663a60c55d | session | No description available. |
6e4b8efee4 | session | No description available. |
c72887300d | session | No description available. |
cookielawinfo-checkbox-tracking | 1 year | No description |
crmcsr | session | No description available. |
currentware-_zldp | 2 years | No description |
currentware-_zldt | 1 day | No description |
et_pb_ab_view_page_26104 | session | No description |
gaclientid | 1 month | No description |
gclid | 1 month | No description |
handl_ip | 1 month | No description available. |
handl_landing_page | 1 month | No description available. |
handl_original_ref | 1 month | No description available. |
handl_ref | 1 month | No description available. |
handl_ref_domain | 1 month | No description |
handl_url | 1 month | No description available. |
handl_url_base | 1 month | No description |
handlID | 1 month | No description |
HandLtestDomainName | session | No description |
HandLtestDomainNameServer | 1 day | No description |
isiframeenabled | 1 day | No description available. |
m | 2 years | No description available. |
nitroCachedPage | session | No description |
organic_source | 1 month | No description |
organic_source_str | 1 month | No description |
traffic_source | 1 month | No description available. |
uesign | 1 month | No description |
user_agent | 1 month | No description available. |
ZCAMPAIGN_CSRF_TOKEN | session | No description available. |
zld685336000000002056state | 5 minutes | No description |