How To Block Websites On Windows Using The Hosts File

In this article I will show you how to use the hosts file to block websites on Windows computers. I will also go over the limitations of using the hosts file to restrict access to the web when compared to dedicated web filtering software so you can choose the best internet management method for your needs.

Why Should I Block My Users From Accessing Certain Websites?

• Bandwidth Management: Bandwidth abuse causes severe latency and network crashes. Organizations will use a bandwidth analyzer to identify the users and websites responsible for the excessive bandwidth usage, later adding them to their internet blacklist to prevent future abuse.
• Network & Endpoint Security: By preventing users from accessing malicious websites that are known to contain malware, an internet filter provides critical security controls for protecting sensitive data 
• Productivity Management: Content filters are used to block access to distracting websites and computer applications such as social media sites, computer games, and video streaming services. 
• Data Security Compliance: Organizations that are responsible for sensitive data such as personal health information (PHI) will use internet blocking tools to prevent employees from maliciously or negligently leaking data through unauthorized data management channels such as personal cloud storage accounts.
• Blocking Inappropriate Content: Administrators will use internet filters to blacklist content that is considered NSFW or otherwise inappropriate for their users such as porn, grotesque imagery, violence, and profanity. Filters prevent underaged users from accessing adult content while also mitigating against the use of websites that may contribute to a hostile work environment.

Want to learn more? Check out our article on the benefits of web filters.

What is the Hosts File in Windows?

The hosts file is a plaintext file that is used to map domain names to IP addresses. Editing the hosts file lets you change the IP address that a given website resolves to on your computer. This allows you to override the destination that a website’s DNS zone file would normally take you to.

Since these changes only apply to your local machine this method of web filtering is useful for blocking websites on a personal device. However, anyone managing multiple devices should use a dedicated web content filter to make policy updates more efficiently. 

Web filtering software will also provide far more granularity than editing the hosts file. For a full comparison of blocking websites with the hosts file vs with a web filter click here.

How the Hosts File Works

How you normally get access to web content

Normally when you enter a URL (such as Facebook.com) into the address bar of your web browser it will send a Domain Name System (DNS) request to a server. DNS changes the names of these human-readable domains into an IP address such as 31.13.80.36 (for IPv4) or 2a03:2880:f10e:83:face:b00c:0:25de (for IPv6) that identifies the server’s location. 

How the hosts file changes this

You can think of DNS as the internet phone book and the hosts file of your local machine as your own personal address book. 

Imagine you’re looking up someone’s phone number. Before resorting to the phone book (DNS) you’ll first take a look at your personal address book (the hosts file) to see if you have any contact details (IP addresses). If you do, you’ll not bother to check the phone book at all.

Your computer works the same way. Before any request for a domain takes place from your web browser, your machine will actually reference the local hosts file first. If any entries are found in the hosts file they will be used instead.

This is precisely how the hosts file can be used to block websites. The hosts file has lines of text that consist of an IP address followed by a host name. These lines of text can be modified to tell your web browser that a given host name should route to a given IP address. So, if you want to stop your users from accessing Facebook you can enter Facebook.com into your hosts file and route it to the IP address of your local machine (127.0.0.1).

What is the Hosts File Used For?

The hosts file is used to block websites

DNS changes names of domains into IP addresses. For example, 69.63.184.142 is one of the IPs of facebook.com. You can use a hosts file to change that. It will allow you to link a certain domain name with any IP address you want. These changes will only apply to your PC.

The hosts file is used for ad blocking

Ad filtering with the hosts file works exactly the same way as blocking a website does. Entries for known malicious or spammy domains can be added to the hosts file and redirected to another IP address.

The hosts file is used for web development

Web developers can use the hosts file to test and develop websites on their local machine. To make changes to a website before it is made public the web developer will install the site files locally and modify the hosts file so that it points the sites domain name to the IP address of the environment they want to test in.

Web Filters vs Hosts File for Blocking Websites

	Hosts File	Web Filter
Multiple Devices	Not recommended. It forces you to decentralize the management of your network.	Recommended. The centralized console of a web filter makes managing multiple devices simple and efficient.
Granularity	Limited. Web access permissions can only be done on a per-device basis. Changes to the hosts file also affects all users on the device.	Advanced. Unique web access permissions can be adjusted for each device, user, and workgroup.
Whitelisting	Difficult. Using the hosts file block all websites except approved ones requires you manually find the IP addresses of the websites you would like to allow, add them to the hosts file, and direct all other traffic to a null route.	Simple. To whitelist websites with a web filter you simply need to add the domains you’d like to allow to a whitelist (allow list) and all other domains will be blocked by default.
Wildcard Filtering	Not Supported. You need to specify each and every variation of a URL you would like to block.	Supported. A web filter allows you to enter *.doubleclick.net to block any website that ends in .doubleclick.net.
Ease of Use	Difficult. You have to edit the hosts manually for every single device you want to manage. You will also need to reconfigure the hosts file every time you wipe the machine.	Simple. All you need to do is add the websites you’d like to block to your block list.

How to Edit the Hosts File to Block Websites in Windows (Guide)

1. Open Notepad as an Administrator
   While logged into an administrator’s account press the Windows Key and type in “Notepad”
   
2. Right click on Notepad and press Run as administrator
   
3. If your User Account Control dialogue box opens up asking “Do you want to allow this app to make changes to your device?”, select Yes
   
4. Open the Hosts File
   In Notepad click on File > Open or press CTRL + O
   
5. In the Address Bar of the Open Dialogue Box enter this text string: %SystemRoot%\System32\drivers\etc\hosts
   
6. At first you will not see anything in this folder. To make the contents of this folder visible you must click the drop-down menu in the bottom-right corner and change it from “Text Documents (*.txt)” to “All Files (*.*)”
   
7. Double-click on the hosts file to open it
   
8. The default, unmodified hosts file should look exactly like this
   
9. (Optional) Backup the hosts file
   As a precaution you can make a backup of your hosts file by copying the text to a new Notepad file. Should the changes you make to your host file cause unwanted behavior you can simply replace the edited hosts file with the backup. You can also visit this guide to reset the hosts file back to its default configuration. 
10. Add the Websites You Want to Block to the Hosts File
    In this example we will block the computer from accessing Facebook.
    
    On a new line, add this to your hosts file: 127.0.0.1 www.facebook.com.
    
    It’s important to note that this will only block www.facebook.com specifically. You will need to add a new line for Facebook.com to completely block Facebook.
    
    The IP address 127.0.0.1 is the default IP address for the local machine (localhost). Using this as the remapped IP will ensure that you do not accidentally send your users to an unwanted IP address. You could also use a non-existent IP address such as 0.0.0.0 if you wish.
    
    Note: When you attempt to visit a blocked domain after it has been added to your hosts file you may get a privacy/security warning from your web browser. This is because the web browser was expecting a valid security certificate from the domain. Since the hosts file remaps the connection attempt back to the localhost rather than the actual website the web browser will flag the unexpected behavior.
    
    

Hosts File: Troubleshooting & FAQ

My Hosts File is Read Only. How Do I Fix This?

When a file is read-only you can freely open it but you can’t save any changes you make. 

Follow these steps to disable read-only mode for your hosts file:

1. Go to the hosts file: Enter %SystemRoot%\System32\drivers\etc\ in the address bar of the file explorer or enter that string as a Run command
   
2. Right-click on the hosts file and click on Properties
   
3. At the bottom of this screen you will see Attributes. If the Read-only checkbox next to it is filled in you can click it to disable the Read-only attribute
   
4. Click on Apply and OK to save your changes
5. After making your desired changes to the hosts file you should consider reenabling read-only again to help prevent unwanted changes.

What Are the Default Contents of the Hosts File?

If you would like to reset your hosts file back to its default setting you can copy and paste the below text into a Notepad file and replace your current hosts file with it. 

When you open the hosts file on a Windows computer you will find this:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ‘#’ symbol.
#
# For example:
#
#      102.54.94.97      rhino.acme.com      # source server
#      38.25.63.10      x.acme.com      # x client host
# localhost name resolution is handled within DNS itself.
#     127.0.0.1      localhost
#     ::1      localhost

Note: All of the octothorpes (aka hashtag/pound sign/number symbol – #) are used to comment out text entries. Any content on the same line as the # symbol will be ignored. Thus, the default hosts file does not actually do anything. 

How Do I Open the Hosts File in Windows?

The location of the hosts file is the same for Windows NT, 2000, XP, 2003, Vista, 2008, 7, 2012, 8, and 10. On these systems the hosts file is located at %SystemRoot%\System32\drivers\etc\

Method 1: Access the Hosts File Using the File Explorer

To access the hosts file using the file explorer you simply need to log in to an administrator account and enter %SystemRoot%\System32\drivers\etc\ into the address bar. The hosts file should be there. If it is not, it may be hidden. Follow this guide to show hidden files in Windows.

Method 2: Access the Hosts File With a Run Command

1. Open the Run App
   Press the Windows Key + R to open the Run app
2. In the Open: text field, type in this string of text: %SystemRoot%\System32\drivers\etc\hosts
3. Hit Ctrl+Shift+Enter to run your command with admin privileges. Do not simply hit the Enter key by itself as this only runs the command with normal user privileges.
4. You may be prompted by Windows to choose a program for opening the hosts file. You can choose a basic text editor such as Notepad.
   
5. You should now see the hosts file. It will look like this.
   

If you do not have administrator permission, you will receive an error like this:

Note: You must have administrator privileges to access and edit the hosts file. If you do not run Notepad under administrator privileges, you will only get to view the hosts file and you will be unable to save your changes to the appropriate folder. Any changes you make to the hosts file will not work unless it is saved in the correct location – saving it in the Documents folder will not allow you to block websites using the hosts file.

Method 3: Open the Hosts File With Notepad

1. Open Notepad as an Administrator
2. In Notepad click on File > Open or press CTRL + O 
3. In the Address Bar of the Open Dialogue Box enter this text string: %SystemRoot%\System32\drivers\etc\hosts 
4. At first you will not see anything in this folder. To make the contents of this folder visible you must click the drop-down menu in the bottom-right corner and change it from “Text Documents (*.txt)” to “All Files (*.*)” 
5. Double-click on the hosts file to open it 

Conclusion

There are multiple ways to block users from accessing certain websites. Editing the hosts file in Windows is a viable method for blocking websites on a per-device basis, however to properly manage web filtering policies across multiple devices on a network you will need a centralized web filter.