How-To Geek

How to Block Websites in Windows 8’s Hosts File

Windows 8 takes a new approach to the hosts file by default – it won’t allow you to block Facebook and other websites by modifying your hosts file. Luckily, there’s a way to bypass this restriction.

When you add certain website addresses to Windows 8’s hosts file, Windows 8 will automatically remove them, effectively ignoring your changes. Microsoft isn’t just doing this to annoy us – there’s a good reason for it.

What’s a Hosts File?

When you access a website, your computer contacts your domain name system (DNS) server and requests the website’s numerical IP address. For example, Facebook.com maps to 66.220.158.70. Your computer will then connect to this numerical IP address and access the website.

Your hosts file is a file, local to your computer, that can override this behavior. By editing your hosts file, you can point Facebook.com at any IP address you want. Some people use this trick to block websites – for example, you could point Facebook.com at 127.0.0.1, which is your computer’s local IP address. When someone tries to access Facebook.com on your computer, your computer will attempt to connect to itself at 127.0.0.1. It won’t find a web server, so the connection will immediately fail.

Why the Restriction is in Place

Unfortunately, malware often edits the hosts file to add such lines. For example, the malware could point Facebook.com at a different IP address entirely – one run by a malicious organization. The malicious website could even be disguised as Facebook.com. A user would look at their address bar, see Facebook.com, and never consider that they may be looking at a phishing site.

To prevent this from taking place, Windows 8 (more specifically, the Windows Defender antivirus included with Windows 8) monitors your hosts file. When it notices that a website such as Facebook.com has been added to your hosts file, it immediately removes the entry and allows connections to the normal Facebook.com website.

This is actually an important security feature for the many users who would never consider editing their hosts file. However, if you’re a tech-savvy user who wants to edit your hosts file to block a website, you can disable this restriction.

Ways to Bypass the Restriction

Because this restriction is put in place by the Windows Defender (formerly known as Microsoft Security Essentials) antivirus included with Windows 8, you have several options for bypassing it:

  • Exclude the hosts file from being monitored in Windows Defender – If you want to use Windows Defender instead of a third-party antivirus, this is your best option. This does mean that Windows won’t protect you from malicious hosts file entries added by malware, however.
  • Install a Third-Party Antivirus – Many third-party antivirus applications won’t be as aggressive about policing your hosts file. Many, such as avast! and AVG, are free. When you install a third-party antivirus, Windows Defender will disable itself.

You can also disable Windows Defender entirely, but that isn’t a good idea unless you’re using a third-party antivirus. Even if you’re a careful computer user, having multiple layers of protection is a good security practice.

Excluding the Hosts File

To exclude the hosts file from being monitored in Windows Defender, first open Windows Defender – press the Windows key, type Windows Defender, and press Enter.

Click the Settings tab and select the Excluded files and locations category.

Click the Browse button and navigate to the following file:

C:\Windows\System32\Drivers\etc\hosts

(If you installed Windows to a different directory, start in that directory instead of C:\Windows)

Click the Add button and then click Save Changes to save your changes.

You may now edit the hosts file normally.

Editing Your Hosts File

You’ll have to edit your hosts file as administrator. If you open it normally and try to save it, you’ll see a message stating you don’t have permission to save a file in its location.

To launch Notepad as administrator, press the Windows key, type Notepad, right-click the Notepad application that appears, and select Run as administrator. (You can also launch any other text editor you prefer, such as Notepad++.)

Click File -> Open in the Notepad window and navigate to the following file:

C:\Windows\System32\Drivers\etc\hosts

You’ll have to select All Files in the file type box at the bottom of the open dialog or the hosts file won’t appear in the list.

Add a line for each website you want to block. Type the number 127.0.0.1, followed by a space or tab, and then type the name of a website. For example, the following lines would block both facebook.com and example.com:

127.0.0.1 facebook.com

127.0.0.1 example.com

Save the file after you’re done. Your changes will take effect immediately and the website will be blocked – no system or browser restart required.
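
Once the hosts file is excluded from Windows Defender, nothing will flag entries that malware adds, so it is worth auditing the file yourself after editing it. The Python script below is an added example, not part of the original article: it parses hosts-format text and separates blocking entries (loopback or 0.0.0.0) from entries that redirect a name to another address. The sample text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; on Windows the real file is
# C:\Windows\System32\Drivers\etc\hosts
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 facebook.com      # blocked on purpose
0.0.0.0\texample.com www.example.com
203.0.113.10 Facebook.com   # not a block: points at another host
not-an-ip broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on spaces/tabs
        if len(fields) < 2:
            continue                             # blank, comment-only, or no hostname
        for name in fields[1:]:                  # one address may carry several names
            yield line_no, fields[0], name.lower()

def classify(address):
    """Return 'block', 'redirect' or 'invalid' for a hosts-file address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    # Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) never leave the machine.
    return "block" if ip.is_loopback or ip.is_unspecified else "redirect"

def audit(text):
    """Group entries by classification; 'redirect' entries deserve a manual look."""
    report = {"block": [], "redirect": [], "invalid": []}
    for line_no, address, name in parse_hosts(text):
        kind = classify(address)
        if name == "localhost" and kind == "block":
            continue                             # default loopback entry, not a block
        report[kind].append((line_no, address, name))
    return report

if __name__ == "__main__":
    for kind, entries in audit(SAMPLE_HOSTS).items():
        for line_no, address, name in entries:
            print(f"{kind:8} line {line_no}: {name} -> {address}")
```

To check a real machine, pass the contents of C:\Windows\System32\Drivers\etc\hosts to audit() and review anything reported as redirect.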

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 08/23/12

Comments (18)

  1. sebsauvage

    Why do people still use 127.0.0.1 ?
    The browser will still try to make a request to this address, and you will get – after a while – a timeout.
    This slows down page loading.

    By using 0.0.0.0, the request will immediately fail, speeding up pages which have widgets from those blocked websites (GA, FB, Twitter…).

    TL;DR: Use 0.0.0.0 instead of 127.0.0.1

  2. spoko

    Yeah, but @sebsauvage, there’s no place like 127.0.0.1 .

    In honesty, though, good tip. Thanks for that.

  3. Dingaling

    This isn’t “blocking” so much as it is re-directing. Maybe you know, but whenever you resolve a name to an IP address the first place it looks is at the hosts file. And if it finds a name and an associated IP address in the hosts file then it’s done looking. (Next it would look for a local DNS server and then finally look for a public DNS server). But that doesn’t mean you can’t get to a “blocked” web site. Cause all you would have to do there is type in the IP address. So once you remember that the IP address of http://www.facebook.com is actually 69.171.228.79 then you effectively can bypass any sort of re-direction that’s “blocking” you from going to Facebook’s real web site.

    But that’s not why I would edit my hosts file. Personally, I might edit my hosts file to include web sites that I often visit. That way it speeds up the page loading just a little. Granted, we’re really only talking about a microsecond’s difference in time. But it is faster to have your most commonly visited pages stored locally in your hosts file than to have to go out to a DNS server every time to browse to a particular site – or for any other reason. (It’s also a good reason to find a better/faster DNS server than whatever your ISP set you up with too.)

  4. chess

    @spoko good old 127……

  5. TheFu

    Does MSE take over the hosts file on Windows 7 or is this purely on Windows 8 (the new Vista)?

    Blocking facebook, twitter, gmail, foursquare and most of the top 50 websites is part of security. By preferring to do that at the router and web proxy level, all devices on the network get protected automatically.

    Whether to use 0.0.0.0 or 127.0.0.1 doesn’t matter if there isn’t a web server running on the machine AND listening on the port that is being requested – usually 80 or 443. If you are running a firewall, and you should be, then trying to access port 80/443 on a local PC should fail immediately.

    0.0.0.0 means accept traffic on any interface for inbound traffic when seen in a listener, so I find it confusing in an /etc/hosts file.

    I’ve seen others recommend using 0.0.0.0 elsewhere. They claim that some OSes get slow when using large 127.0.0.1 hosts tables. I don’t know about that, since I’ve never seen it get slow on WinNT, Win2000, WinXP, Vista, Win7, portable devices or about 40 different versions of Linux/UNIX. OTOH, I haven’t run any repeatable tests either, so I don’t have any facts.

  6. r

    I use 127.0.0.1 to test applications when I get an IPv4 connection with it and subnet mask 255.0.0.1. If any public router, switch or gateway gets a packet addressed to the loopback IP address, it is required to drop it without logging the info. If a data packet is delivered outside of the localhost it’ll not accidentally arrive at a computer which will try to answer it. The loopback does help ensure net. security.

  7. Taylor Gibb

    @sebsauvage aren’t you the author of ZeroBin :D

  8. GaGator

    MS seems to be ignoring its commercial base. Our business can’t afford a payroll that supports wholesale staff ‘socializing’ and surfing during business hours. Facebook will remain blocked on our corporate servers and employees are free to play on their own time, or seek opportunities elsewhere.
    –E. Scrooge

  9. Paul

    This is just another reason why I won’t get Windows 8. Seriously: why is there even a hosts file at all if Windows won’t let you modify it? It’s damn crazy. Someone at Microsoft just isn’t thinking.

  10. gmoney

    “You can also disable Windows Defender entirely, but that isn’t a good idea unless you’re using a third-party antivirus. Even if you’re a careful computer user, having multiple layers of protection is a good security practice.”

    I have always been told that it is not a good idea to have 2 antiviruses at the same time. Not only does it hog up much valuable resources but it can cause issues with the computer functioning. It surprises me that they would suggest keeping windows defender enabled. Am I the only one that feels this way?

  11. SatoMew

    @gmoney, you’re misunderstanding. If you install another antimalware, Windows Defender in Windows 8 will disable itself, like the Windows Defender in Windows Vista and Windows 7.

    Windows Defender in Windows 8 is basically Microsoft Security Essentials built-in but it works like the old Windows Defender regarding interaction with other antimalware (Microsoft Security Essentials in Windows XP, Windows Vista and Windows 7 does not disable itself after another antimalware is installed). And there isn’t necessarily an issue in running two different antimalware at the same time. For example, I run Microsoft Security Essentials and Malwarebytes Anti-Malware PRO simultaneously; however, the latter is developed to co-exist with other antimalware.

  12. fallout330

    good info and eye openers on the comments, sebsauvage, Dingaling & TheFu

    ty

  13. suman

    127.0.0.1 can be used as localhost if a local server is installed, so I used it to make a new page and when anyone tries to access it, just go to my page. I use XAMPP or EasyPHP for doing it.

  14. sebsauvage

    @Taylor Gibb

    Yes I am :)

  15. Bob Cain

    How do you get http://www.facebook.com to go to http://www.cnn.com then?

  16. Anon

    Using 0.0.0.0. Was using 127.0.0.1.

    I used notepad++, Ctrl & F, replace tab, replace 127.0.0.1 with 0.0.0.0, click replace all. Make sure to fix your localhost back to 127.0.0.1.

  17. Natasha Lambert

    Thank you for the advice. I just have a question though: I’m assuming this is for a personal PC, what about for a startup company? A friend of mine suggested: Web Content Filter but I would like a second opinion. Cheers!

  18. Adelaide

    Being a geek that I am, I have always stayed away from scary commands and features. Some months ago, I installed Qustodio and realized that it suited my geekiness perfectly. I don’t need to intervene much and it blocks sites automatically in real time, tracks data, and also monitors the activities kids engage in on social media sites. Perhaps the biggest advantage I found was that kids have a hard time unblocking sites or finding a work around to gain access to blocked sites.
