Quick Links

Key Takeaways

  • The hosts file is the first place Windows checks for IP addresses when connecting to websites and can be manually edited to block access to specific websites.
  • The hosts file is located in "C:\Windows\system32\drivers\etc" on both Windows 10 and 11, and you need administrative permissions to edit it.
  • To block a website with the hosts file, direct the URL to either 0.0.0.0 or 192.168.0.1.

The hosts file is the first place Windows checks when connecting to a website. You can edit it manually to block access to specific websites. Find out what and where it is, and how to edit it.

What Does the hosts File Do?

When you type in a regular web address to access a website, like google.com, your PC doesn't automatically know how to connect. It needs the correct IP address associated with the web address in order to make a connection.

The hosts file is the first place your PC will check to find an IP address for a website, but by default, the hosts file doesn't contain any. If your PC can't find an IP address in the hosts file, it checks the DNS cache or connects to a DNS server. When a web address and an IP are inserted into the hosts file, it will provide that information to your computer any time you try to connect to that web address.

If the hosts file tells your computer to find a web address at an IP address that won't connect — like 0.0.0.0 — it blocks access to the website.

The Windows hosts File Location

The hosts file is located in "C:\Windows\system32\drivers\etc" on both Windows 10 and 11. You need administrative permissions to edit it, which means that you can't just open it in a normal Notepad window.

How to Edit the Windows hosts File

You can edit the hosts file with any text editor. There are a variety available, but both Windows 10 and 11 come with Notepad. Avoid using a word processor — the differences between Notepad and a word processor like Wordpad can sometimes cause problems.

You'll need to run Notepad as administrator to edit the hosts file. To do this on Windows 10, click the start button, type "notepad" into the search bar, and then on the right, click "Run as administrator."

In the start menu, click "Run as administrator"

Running Notepad on Windows 11 is the same process as Windows 10, except "Run as administrator" is not displayed immediately. Click on the start button, and then type "Notepad" into the search bar. On the right-hand side, click the small downward-facing arrow to reveal more options.

In start menu, click small arrow

Then click "Run as administrator."

Click "Run as administrator"

Once Notepad is open, click on File > Open, and navigate to "C:\Windows\System32\drivers\etc"

Notepad is set to look for ".txt" files by default, so you'll need to set it to look for "All Files" in the drop down menu instead. Then, click the hosts file and hit open.

Click "Text Documents" and change to "All Files". Click hosts file, then click "Open."

Once the hosts file is open, you can start adding lines to block websites. The lines that go into the hosts file can be broken up into three basic components, each separated by at least one space.

  1. The IP Address - This tells your PC where to look for a website.
  2. The Web Address - This is the website address you want to block.
  3. The Comment - Where you describe what the line does. The comment must have a hashtag preceding it.

It isn't necessary to include the comment for the hosts file to work, but commenting files when you edit them is an excellent habit.

Square labeled 1 indicating where the IP goes. Square labeled 2 indicating where web address goes. Square labeled 3 indicating where optional comment goes.

Once you're done adding lines, click File > Save to save your changes. There shouldn't be a popup after you click save. If there is, it means Notepad does not have administrative access, and that you need to close Notepad and run it as administrator. Once you've saved successfully, go ahead and exit Notepad.

There are two addresses, 127.0.0.1 and 0.0.0.0, that are commonly used in the hosts file to block traffic. There are significant differences between 127.0.0.1 and 0.0.0.0, but in most cases either will work. Rarely, a program running on your PC might have problems if you use 127.0.0.1, so it is best to stick with 0.0.0.0.

If You Can Still Connect to Blocked Addresses

Recent versions of Google Chrome, Mozilla Firefox, and Microsoft Edge all use DNS over HTTPS (DoH) by default. DNS over HTTPS works the same way as a regular DNS server, however DNS over HTTPS encrypts your queries to boost your privacy. Encrypting your queries means that third parties can't tell what requests you've sent to a DNS server, or how the server responds.

When DNS over HTTPS is enabled in a browser, the browser bypasses the normal DNS client in Windows 10 and 11. That means the browser ignores the hosts file entirely and uses a secured DNS server specified by the browser instead, so any addresses you attempt to block using the hosts file will be accessible. If you want to use the hosts file to block web browser traffic, you'll need to disable DNS over HTTPS in your browser.

Fortunately, you can enable DNS over HTTPS on Windows 11. That will allow you to use the hosts file to block addresses while maintaining the advantages of DNS over HTTPS.