Ping statistics for This is a very generalized question You can deny access to a IP address, which would in-turn deny access to any websites hosted on that IP address. This rule would apply to any application attempting to connect to that ip-address.
Windows 7 has the only windows-firewall that blocks outbound connections The only fly in that ointment, is that most companies of any large scale have many IP addresses all of which serve pages for that website.
The third option is to invest in a router that has some sort of content-filtering options Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams?
Learn more. Blocking web sites with Windows Firewall Ask Question. Asked 10 years, 9 months ago. Active 1 year, 4 months ago. Viewed k times. Is it possible to use Windows Firewall to block specific web sites for all browsers? Improve this question. Mark Cidade Mark Cidade 2 2 gold badges 11 11 silver badges 15 15 bronze badges. Add a comment. Active Oldest Votes. Make sure that you block both with and without the "www" portion; this is quite easy as you can specify multiple sites on a single line by delimiting them with spaces, like so: Improve this answer.
Arjan Randolf Richardson Randolf Richardson This idea is really slick. As a developer, I do not know why I didn't think of this. It is profoundly simple, quick to deploy, and targets a domain name that might have several to scores of IP addresses associated with it.
Sorry to be a bother but I just attempted this on a Win10 machine but can still hit the offending sites. It wasn't mentioned but do changes to take effect immediately or is a restart required? AminM AminM 1 1 gold badge 9 9 silver badges 22 22 bronze badges. You can also create a Firewall rule that blocks the connection to the website using PowerShell:.
You can find it in the graphical interface of your Windows Defender Firewall. I have added the —NoHostsFile parameter to the Resolve-DnsName cmdlet in order not to use the hosts file for resolving. This article is mostly a brain training exercise. In a corporate network, you must use website filtering on your Internet access gateway, router or a proxy server.
The host-level blocking is not very effective. You should mention this aspect when you talk about that aspect of things. Well, I found with some of the google stuff I was trying to block and routed to I bet there are apps that you want to block that act both as client and server so looping back forms a connection back to your own machine.
While this does keep those attempts back within your machine, it still seems undesirable. My solution here was to identify a network address locally that DNE and never will outside my DHCP allocation pool, will not be statically created by me — which also implies that I have entire control over the network which I do and then use the hosts file to send these requests to a dead end.
Is that better than having them loopback, never hit the network, and connect to something locally? I am hoping with the address translation from an URL to a host in the hosts file to a dead address on the network and then using Windows Defender to block outgoing requests for that dead IP, that combination will result in the firewall just quietly eating the outside connect requests so a there will be no connections back to my machine in loopback and b there will be no extra connection requests firing into the local network because Defender blocked them.
Just some extra strategies for the thought experiment. I do appreciate the article for the knowledge you have conveyed — thank you. Note, do not use the Link Address range which is used for when a DHCP server is not available and DHCP clients are trying to assign themselves no central direction an IP address that does not conflict with another using trial-error-retry with new address approach. Leave that address band alone, but there are still other reserved address ranges you could use.
Block it locally as an outgoing address on your box. One somewhat useful depends on how machines on your network setup ping handling way to test a reserved address on your local net would be to ping it from the command line. That would tell you if it was occupied if you got a ping response. Does not tell you nothing might be there if you do not — machine could be off temporarily or be set not to return ICMP echoes when pinged.
But if you do get a response on a reserved internet address, try another. There are 3 or 4 ranges with a lot of addresses in them in the list of reserved addresses. Notify me of followup comments via e-mail. You can also subscribe without commenting. Leave this field empty. Home About.
0コメント