Blocking web sites with Windows Firewall

Possibly, depending on which version of Windows you're using, although I don't recall ever seeing any such options.

It's probably easier to just add entries into your C:/WINDOWS/SYSTEM32/DRIVERS/ETC/HOSTS file (it's a plain ASCII text file that you can edit directly with Windows Notepad), like so:

127.0.0.1 www.bad-web-site.example.com
127.0.0.1 www.another-site.example.net

The IP address "127.0.0.1" is localhost (your local computer), and using it for the web site addresses (the domain names) you wish to block will result in a timeout (assuming you're not running a local web server like Apache HTTPd; if you are, then its web page will appear which will be fine anyway).

Make sure that you block both with and without the "www" portion; this is quite easy as you can specify multiple sites on a single line by delimiting them with spaces, like so:

127.0.0.1 www.bad-web-site.example.com bad-web-site.example.com
127.0.0.1 www.another-site.example.net another-site.example.net

Also note that the domains are added without any protocol, so without http://, https:// or ftp://.

How To Article

Note: In Windows Vista or Windows 7 you must open Notepad.exe as an Administrator to be able to edit and save changes to the hosts file. Right-click on notepad.exe or its shortcut and select "run as Administrator". Once Notepad is open, use File > Open to navigate to the hosts file.


First of all, go to the Command Prompt and ping the URL to get the IP address of that website:

ping example.com

and you get the IP address of the website:

Pinging example.com [93.184.216.119] with 32 bytes of data:
Reply from 93.184.216.119: bytes=32 time=287ms TTL=43
Reply from 93.184.216.119: bytes=32 time=286ms TTL=43
Reply from 93.184.216.119: bytes=32 time=285ms TTL=43
Reply from 93.184.216.119: bytes=32 time=294ms TTL=43

Ping statistics for 93.184.216.119:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 285ms, Maximum = 294ms, Average = 288ms

Go to Control Panel > Windows Firewall and, on the left side, click Advanced Settings.

Go to Outbound Rules and, on the right side, click New Rule.

  • In the New Outbound Rule Wizard, select Custom and click Next.
  • On the Program screen, select All programs and click Next.
  • On the Protocol and Ports screen, leave the default settings and click Next.
  • On the Scope screen, under "Which remote IP addresses does this rule apply to?", select These IP addresses and click the Add button.
  • In the IP Address dialog, under "This IP address or subnet:", enter the IP address of the website, click OK and then click Next.
  • On the Action screen, select Block the connection and click Next.
  • On the Profile screen, leave all 3 check boxes selected and click Next.
  • On the Name screen, choose a name for the rule and click Finish.

Test what you did by entering the URL in any browser you want.
Good luck!
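
The wizard steps above can also be scripted. The following is an added example, not part of the original answer: it resolves both the bare and "www" names to every address DNS currently returns and creates one outbound block rule for all of them. The domain and rule name are placeholders, and it assumes an elevated PowerShell prompt on Windows Vista/7 or later.

```powershell
# Added example (not from the original answers).
# Run from an elevated PowerShell prompt; the defaults below are placeholders.
param(
    [string[]]$Domains  = @('bad-web-site.example.com'),
    [string]  $RuleName = 'Block-bad-web-site-example'
)

# Cover both the bare name and the "www" form of each domain.
$names = foreach ($d in $Domains) { $d; "www.$d" }

# Collect every address (IPv4 and IPv6) the names resolve to right now.
$addresses = foreach ($n in $names) {
    try {
        [System.Net.Dns]::GetHostAddresses($n) |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Warning "Could not resolve ${n}: $($_.Exception.Message)"
    }
}
$addresses = @($addresses | Sort-Object -Unique)

if ($addresses.Count -eq 0) {
    Write-Warning 'No addresses resolved; no rule created.'
    return
}

# Remove any earlier copy of the rule so a re-run refreshes the address list.
& netsh advfirewall firewall delete rule "name=$RuleName" | Out-Null

# Same choices as the wizard: all programs, all protocols, all three profiles,
# remote scope limited to the resolved addresses, action = block.
$ruleArgs = @(
    'advfirewall', 'firewall', 'add', 'rule',
    "name=$RuleName",
    'dir=out',
    'action=block',
    'profile=any',
    "remoteip=$($addresses -join ',')"
)
& netsh @ruleArgs

# Show what was created so the scope can be checked.
& netsh advfirewall firewall show rule "name=$RuleName"
```

The rule only contains the addresses DNS returned when the script ran, so it has to be re-run when the site's addresses change, and it blocks every other site hosted on those same addresses.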

This is a very generalized question... (more information would be useful...) as the Windows Firewall exists in different versions... and has different capabilities with each version... etc.

(Assuming you're running windows 7, and you're ONLY wanting to use the windows-firewall) The short answer is: Sort-of. You can deny access to an IP address, which would in-turn deny access to any websites hosted on that IP address. This rule would apply to any application attempting to connect to that ip-address. (Windows 7 has the only windows-firewall that blocks outbound connections) The only fly in that ointment, is that most companies of any large scale have many IP addresses all of which serve pages for that website. Yes, you can block them all, but it's really an excessive amount of work.

(If you don't mind getting your hands dirty) you can also modify the hosts file (c:\windows\system32\drivers\etc\hosts) and put a bogus entry in there for the domain in question, but a lot of anti-virus with some level of heuristics will identify this as some sort of suspicious activity, and others will silently wipe out any changes you make.

The third option is to invest in a router that has some sort of content-filtering options... (there's quite a few out there that work quite well that aren't too expensive) or look at software like netnanny or other solutions like OpenDNS to provide whatever level of filtering you require.