Skip to content →

HOWTO: Block websites using the HOSTS file

Blocking ad servers and malicious websites is a tough task these days. There are so many tools out there to keep ads blocked, remove spyware, and scan for viruses. Most of this unwanted content comes from known ad servers and known malicious websites. You can harness the power of the Windows’ HOSTS file to actually block some of this stuff. I’ve been doing this for years, and I’m still surprised how well it works.

In a nutshell

For your version of Windows, the HOSTS file is located in

Windows XP:
C:\WINDOWS\system32\drivers\etc\

Windows 2000:
C:\WINNT\system32\drivers\etc\

Windows 98/ME:
C:\WINDOWS\

It does not have an extension — it is just called hosts. The purpose of the HOSTS file is to allow you to manually enter IP addresses associated with websites, so the DNS server can quickly resolve an address. Say you know that google.com is the IP address 64.233.187.99 — you could enter that into the HOSTS file so when your machine requests google.com, it will immediatly know to go to http://64.233.187.99/. Instead, we can take known ad servers, and tell them their IP addresses are 127.0.0.1. For those of you that don’t know, 127.0.0.1 is your local machine, if you were running a server on it. So say, some ad server hosts a banner ad at http://www.adsite.com/ads/23bh3.jpg. If you redirect this server to your lcoal machine in the HOSTS file, when a website calls that hosted image from the ad server, it will try to load http://127.0.0.1/ads/23bh3.jpg. Since that folder and that image don’t exist on your computer, the image won’t show, and you’ve blocked the ad from showing on that website.

Putting it together

This first line of the HOSTS file should list the local IP address:

127.0.0.1       localhost

That tells the rest of the file, 127.0.0.1 is your local machine, like I explained above. You could also use 0.0.0.0 instead of 127.0.0.1 — either will work, but whatever you use for localhost, use below. After that, enter known ad servers and use your local IP (whichever you chose at the top). You can find maintained HOSTS files online or start to build your own. Here’s a little snippit of what my HOSTS file looks like:

127.0.0.1       localhost
127.0.0.1       92.132.206.rev.adknowledge.com
127.0.0.1       a-con1.adknowledge.com
127.0.0.1       a-lbs.adknowledge.com
127.0.0.1       a-pwr.adknowledge.com
127.0.0.1       a-sw1.adknowledge.com
127.0.0.1       aa1-1.adknowledge.com
127.0.0.1       aa1.adknowledge.com
127.0.0.1       aa2-1.adknowledge.com
127.0.0.1       aa2.adknowledge.com
127.0.0.1       aa3-1.adknowledge.com

Extra step: Windows XP/2000 only

In XP and 2000, the DNS Client (a system service), will make your machine come to a grinding hault if your HOSTS file is too large. This service is unnecessary and can be stopped and disabled. Go to Start > Run > enter “services.msc” then hit [Enter]

Navigate to DNS Client, right-click it, select Properties, under Start-up Type, select Manual. Click Apply. Then below that, click the Stop button. You should do this before you save a large list of servers to your HOSTS file.

Disabling/Enabling the HOSTS blocking

If you ever need to disable the blocking, just rename the hosts file to anything. I usually rename it to hosts.disable. After you do that, you need to restart your browser to see the changes. To enable it again, just rename it back to hosts.

You could also write a script to do this for you. An example called disable.bat:

cd C:\WINDOWS\system32\drivers\etc && ren hosts hosts.disable

And another example called enable.bat:

cd C:\WINDOWS\system32\drivers\etc && ren hosts.disable hosts

More info about HOSTS

To get a HOSTS file already full of servers, you may go to MVPs.org. To learn more about the HOSTS file, check this site out; it’s where I learned about it. Also, I posted this tip a while back, at Of Zen and Computing.

Published in security windows

87 Comments

  1. Ramjit Ramjit

    about the web blocking, i tried it, but what if the ip chages? is there any solution to that?

    thank you

  2. plz u block web site

  3. I like it! I will try on my ccomputer now!

  4. hi, is it possible to use wildcards, or create on that has anything to do with bingo(trying to block it for a friend)

  5. hands hands

    works great for but fails to block sites accessed through IE, am I missing something.

  6. Mark Mark

    hands,
    Make sure you close all instances of IE and start it again.

  7. Terry Terry

    hi, ive tried doing it as followed to the instructions that you gave but nothing seems to be working. Im just wanting to block all this social sites like http://www.hi5.com, http://www.wayn.com, http://www.friendster.com, myspace and many more. To basically keep my kids from spending too much time on them and that i dont trust the friends that they are keeping in contact with. Ive done them according to the steps as provided but nothing seems to be working. Even after closing and restarting the IE or firefox again.

  8. Terry Terry

    ive tried doing and following the steps given above as stated…if there something that im doing wrong?

  9. Terry Terry

    still not working…ive tried it several times, i guess im not really much of a computer freak. please do guide me through…i have gone into the windows/system32/drivers/etc and into the hosts file to change it

    127.0.0.1 localhost
    127.0.0.1 http://www.hi5.com
    127.0.0.1 http://www.friendster.com
    127.0.0.1 http://www.skyblog.com
    127.0.0.1 hi5.com

    done and followed the whole entire steps of what was being taught if you wanted to add more
    Go to Start > Run > enter “services.msc” then hit [Enter]

    Navigate to DNS Client, right-click it, select Properties, under Start-up Type, select Manual. Click Apply. Then below that, click the Stop button. You should do this before you save a large list of servers to your HOSTS file. ( did all that as well) but somehow nothing seems to be working even though after i have closed and reopened the window.

    Guide me please..

  10. Terry Terry

    i just realise and forgot to ask, is there a way to enable and disable the way of using it? or do i just save it as it is and run from where i am. Do i have to go back into the dns client and click on start or change under the start-up type to automatic again and than click apply? i think ive basically tried everything i can…

    desperately need help..

    Thank u and sorry for being such a pain as im still learning…

  11. Roger Roger

    I have tried with with success for www. based sites, but how do I block a non-www site?

  12. Mark Mark

    Roger,
    Don’t you mean http, not www? Can you give an example?

  13. BooBooKittyFuc BooBooKittyFuc

    Roger,
    Don’t you mean http, not www? Can you give an example?

    ext.name.com/name.com

    127.0.0.1 ext.name.com
    127.0.0.1 name.com

  14. BigDaddy BigDaddy

    Instead of blocking certain sites, can a hosts file be configured to allow certain sites only……say I only want my kid to be able to see a handfull of sites and want the rest of the WWW cut off….can I do that?

  15. to tony,

    what you’ll need to do is this

    127.0.0.1 localhost

    127.0.0.2 hi5.com

    127.0.0.3 friendster.com

    127.0.0.4 skyblog.com

    127.0.0.5 enter another site.

    this will block entire websites.

  16. John Sutton John Sutton

    Hey there,
    I found the hosts file but cannot open it can you please help!

  17. Mark Mark

    John,
    Right-click the hosts file and choose Open. A box should pop up with a list of programs. Scroll down to Notepad or Wordpad and open with one of those.

  18. How can i block other my co-friendster.com

  19. doesnt work doesnt work

    It is not working still, just like terry said, i did everything. But still not blocking the website that i dont want : (
    Help!

  20. right click hosts file and open with, select from list and use notepad, noot scroll to 127.0.0.1 localhost, hit enter twice there must be a space between each entry. now to add myspace.

    127.0.0.1 l localhost

    127.0.0.1 http://www.myspace.com

  21. close web browser, and re-open, myspace is now blocked.
    sorry, should have added that to the above comment.

  22. gage gage

    You also have to make sure that you don’t save the hosts file as a .txt file. It can’t have any extension. If you don’t have Windows showing file extensions on your system, you can still change them by right-clicking, choosing Properties, and checking for and removing the extension there.

  23. nate nate

    The hosts file is really simple once you get the hang of it. One thing I am noticing is that there does not look like there are any spaces in the ip domain combo. So try this.

    A quick way to open it is this.

    click Start->Run

    in the blank type: notepad C:\WINDOWS\system32\drivers\etc

    This will open it in notepad.

    copy the following:

    127.0.0.5 myspace.com
    127.0.0.5 facebook.com
    127.0.0.5 anothersite.com
    127.0.0.5 hi5.com

    keep adding domains as you need. in notepad I use a tab between them not spacebars. Hosts files do not allow wildcard characters. To get into that level of blocking you need to have a router with a custom DNS table.

  24. nate nate

    hmmmmmmm it removed my spaces too… lets try spacebars here instead of tabs…

    127.0.0.5 site1.com
    127.0.0.5 site2.com

  25. nate nate

    point being….. put more space between the IP and the domain name

  26. Dan Dan

    Can I block by TLD, for example all .info sites?

  27. Mark Mark

    Hi Dan,
    The HOSTS file doesn’t support wildcards, so the answer is No. It would be nice to block something like *.myspace.com or *.info, etc, but it cannot be done.

  28. Dan Dan

    Thanks for the advice, Mark. At least now I can stop searching 🙂

  29. allana allana

    i did all the steps needed to block a website but i had a problem in saving it. it says “make sure that the path and file name is correct”

  30. Timothy Timothy

    I just updated my HOSTS file thanks to http://www.mvps.org. Wow, I sound like a commercial. heh..

    Whatever. So anyway, they have a HOST file you may download which has hundreds upon hundreds of hosts to be blocked not only for the purpose of blocking ads, but for security. Visit the following page for the wisdom! http://www.mvps.org/winhelp2002/hosts.htm

    Take your time there. There’s good knowledge on this page! It’s well worth the time you decide to spend. Their HOSTS file for download is inside of a ZIP file which has a batch file (.bat for those of you who don’t know yet) that, when opened, will backup and replace your existing HOSTS file for you.

    But for those of you who don’t want to lose what you already have in your HOSTS file, then check this out: I Copy/Pasted the content of their HOSTS file anyway because I had stuff in mine that wasn’t in theirs, and thus it would have been lost. And it was really easy. I put the cursor in front of the first entry (literally in front, on it’s far left side) in the really long list, then I pressed Shift+Ctrl+End in order to select everything from that point forward to the end so I could then go ahead and copy it. So then I pressed Ctrl+C to copy (if I pressed Ctrl+X, I would have cut the text, thus made a change, and I would have had to be bothered with the “Would you like the save the changes?” dialog box. No, thanks! heh).

    Then I did Alt+F4, pressed Enter for “Ok” to save changes, and I was done. I went back to surfing, and suddenly, I was ad-free. Whatta wonderful thing.

    Now to answer Ramjit, it’s simple: If their IP changes, the solution is simple: just add it to your HOSTS file (or replace the one which changed).

    Always remember that you’re the one in control. You’re the user. To the computer, you’re God. This perspective should help reduce such questions with obvious answers. 🙂 No offense intended here. I’m doing my personal best to help save you time.

    Enjoy your ad-free web-surfing! (although, it won’t be 100% ad-free. Some sites are clever like that).

  31. Hello sir,

    I opened host file in the following way in notepad

    c:\windows\system32\drivers\etc\host
    I entered as
    127.0.0.1 local host
    127.0.0.1 http://www.yahoomail.com.
    127.0.0.1 http://www.orkut.com.

    even though is not blocking the entered websites
    please help me.
    thank you
    meher

  32. Mark Mark

    Meher,

    localhost is one word. Also, make sure you don’t have periods at the end of each line. Enter root domains as well as www. sub-domains. For example, 127.0.0.1 yahoomail.com and 127.0.0.1 http://www.yahoomail.com

  33. Don’t put www in front of anything. Just whatever.TLD

  34. Ted Ted

    Hi,

    I was using Vim in WindowsXP to edit the host file. It was screwing up the new line or tab characters. Anyway, after nearly giving up, I tried Notepad and it worked. An example follows

    127.0.0.1 orkut.com

    127.0.0.1 http://www.orkut.com

    There is a tab between the host address and host name. Also, I used two newlines after each address, name pair.

    Hope it helps.

  35. Bob Bob

    Guys, try using 0.0.0.0 instead of 127.0.0.1

    For some odd reason, on some computers if you put 127.0.0.1 (local) it somehow resolves the proper i.p and goes out.

    If you set the website to 0.0.0.0 there is NO WAY it is going to resolve.

  36. bimble bimble

    Hiya,when I open the host file it says that its a sample host file???How do I get to an active one??I’ve searched and it comes up with two sample hosts???any help will be greatley appreciated…….

  37. I have Windows XP and Office 2000. There is one website that I can never connect to. Internet Explorer (7), shuts down as soon as I click on the site. I have tried doing this with the pop up blocker off but it makes no difference. I can never access this website. What do you think the reason might be please?

  38. LEE LEE

    Keeps saying “cannot create…..make sure path & filename is correct” & “not enough memory available to complete this operation. quit one of more applications to increase availabel memory and then try again.”

    i even tried the “extra step” for the DNS Client but keeps saying “unable to open DNScache for writing on Local Computer…Error5:Access Denied”

    PLEASE HELP!

  39. Joe Atama Joe Atama

    Just want to say Thanks! I been wanting to do this on my son’s computer for a while. It worked perfect!

  40. Star Star

    Hi,

    I’m using vista home premium, i go to system32/drivers/etc and then there is a ImHosts.sam file, a HOSTS file and a HOSTS backup file made by spybot search and destroy.

    Anyway my problem is that when i open the HOSTS file in notepad and put in

    127.0.0.1 (website)

    it wont let me save it..it says cannot create (path file name) make sure path and filename are correct

    this is all that is in the HOSTS file at the moment

    127.0.0.1 localhost
    ::1 localhost

    so basically it wont let me save the file. It works perfectly on XP when i do this so im really curious as to know why it aint working.

    Any of you pro’s know how to fix this?..the same question has been asked twice before but no one seems to have answered it!

    Thanks and i hope for a reply!

  41. Mark Mark

    Star, that’s an excellent question worthy of its own post. But before I write a post on it, let me explain. Vista’a UAC blocks your access to the HOSTS file since it’s a system file. To get around it, you can either completely turn off UAC and edit it normally, or… copy the HOSTS file to your desktop and edit the copy normally. Then rename the copied file on your desktop to HOSTS and drag it into the etc folder. It will ask if you want to overwrite the existing hosts file; say yes.

  42. TechnoGeek TechnoGeek

    If you cannot get it to work it is probably because that webpage is cached…

    In IE;
    Go to “Tools”
    “Internet Options”

    and remove the temporary files, close/reopen IE…

    Make sure you turn off you “DNS Client” in the services…

  43. Star Star

    Hi Mark

    I done what you said but drag and dropped it on the desktop..added in a random website and it worked perfectly. Good way of getting around the problem.

    How do you turn off the UAC?

    and what is the DNS client? not in really technical terms tho!

    i’ve seen a few people write about it..what happens when you turn it off or on etc

    i only came across this site by accident on google, searching for a way around that hosts problem. It’s great to learn new stuff about computers everyday!

    Thanks for your tips

  44. Star Star

    nevermind i know how to turn the UAC on/off now!

  45. Scott Scott

    I want to give access to only a small hand full of sites and restrict everything else. How do I do that?

  46. Shadow Shadow

    Hi Mark !

    i need to block an intranet site,that uses IP addr. , no name.

    i tried to block the site by editing host file as follows

    127.0.0.1 local host

    127.0.0.1 10.101.0.5 # this is the intranet site i need to block.

    But it does not working… ;( Can u give me a solution… plz…..

  47. Hey ..
    i need to block all the sites through Host file except our company site(for e.g: http://www.company.com). If any one could help me please reply for this comment

  48. Mark Mark

    Hey Shijin,

    You can’t do that with the HOSTS file. You’ll need to find some software (or hardware) alternative to content blocking.

  49. Hey Mark,

    yes i has implemented an IPCop Firewall in my office. This is perfect in blocking sites, getting logs ….etc.

    Anyway thanks for your reply

  50. Larry Larry

    A large hosts file only “bogs down” your Windows computer while it initially caches or periodically re-caches the records into memory. The last time I used hosts file for domain name blocking was on Windows 2000 and it’s default hosts file re-cache period was every 15 minutes (if I remember right). The machine would be very unresponsive for about 5 – 10 seconds every 15 mins. while it re-cached. I’m using XP Pro now and it crawled for about a minute when I first added your hosts file but has been running normally for at least 30 mins. now so maybe XP has a different hosts re-cache algorithm than 2000.

    I’m going to run this hosts file on my machine for a week and if it doesn’t affect performance then I’m pushing it out to all of my Active Directory workstations.

  51. Mark Mark

    Hi Larry,

    You might need to turn off the DNS Client — like I said above — in order to not deal with the “bog down” from the system. Also, I don’t know where your re-cache data is from, but from my experience, you just need to close your browser windows and re-open them.

  52. E E

    thx for this now i can get past my schools filter well disable it lol and it works lol my schools so dumb.

  53. Jahangir Jahangir

    Can i enable only some specific website?Please reply its urgent.

  54. anonclement anonclement

    i blocked a website for a while, using this method… and i would really like to unblock it now…
    if it’s possible can i delete the IP address and the page will be unblocked?
    i’ve tried deleteing and it tells me i don’t have access to do such task.
    help!

  55. bizarre bizarre

    i can block the site hi5.com. it only block hi5.com home page but the users can still access their account in hi5.com…when they type it opens…how can block the individual account on hi5.com

  56. mohib mohib

    Dear friend,
    i am using windows 2000 server (DHCP) and 25 clients
    please let me know,
    how i can alow few website access only.
    (means http://www.gmail.com, http://www.rediffmail.com) only two sites clients can access, rest of all sites need block.

    please help me.

    regards
    mohib

  57. Mark Hamon Mark Hamon

    Hey guys..don’t worry there is way to block internet…i my self tried at 127.0.0.1 and failed….try this method and will work!

    1) Go to LAN connection

    2) click it and go to properties

    3) double click Internet protocols(TCP/IP)

    4) Click “Use the following DNS sever”.Then enter this numbers:

    5) Prefered DNS SERVER: 127.0.0.1
    Alternet DNS server: 126.0.0.1

    Thats all and u will block internet.u want internet connection back just deleted these numbers and click obtain DNS server adress automatically!….have fun…..

  58. How can I disable all websites exept for websites that are needed at work? For example, if I need only gmail.com and verizonwireless.com, how can I get these to be the only ones that can be viewed by employees? Thank you. Your help is greatly appreciated.

  59. VibeTribe VibeTribe

    allthingsmarked says “Extra step: Windows XP/2000 only.
    In XP and 2000, the DNS Client (a system service), will make your machine come to a grinding hault if your HOSTS file is too large. This service is unnecessary and can be stopped and disabled. Go to Start > Run > enter “services.msc” then hit [Enter]”

    My question is: Won’t disabling the DNS Client affect P2P apps like uTorrent?

  60. Jen Jen

    Is there a way to use hosts file to block craigslist personals but not the rest of the site?? Just want access to the raunchy personals….

  61. 123 123

    hosts can’t block ips. if you put ip into browser, browser won’t even lookup dns, doesn’t check hosts.
    instead, use Proxomitron killfile.
    adblock might also work.

    urls, or pages:
    proxomitron for sure will block pages on a site (eg, cl personals search, but cl urls for actual ads aren’t differentiable, so you need to write content filter. likely a bit of the actual ad will appear (top line only))
    adblocker should be able to block cl search urls, but couldn’t block certain cl ads.

  62. 123 123

    iirc, uTorrent uses ips, but that “(show country flag)” option i think must do reverse lookup. don’t know if that uses windows “dns client” service, but you could shutoff utorrent “flag” option. (that may not be the name of the option!)

  63. 123 123

    “can I disable all websites exept for websites that are needed at work?”
    that’s a “whitelist”.
    proxomitron will do that.
    appears adblock can. http://en.wikipedia.org/wiki/Adblock#History

  64. redrum redrum

    Okay when i 1st added the 2 sites i want to block under the localhost, it worked.

    2 days later i could open the pages without touching anything in the hosts.

    Help?

  65. can someone change my diaper!

  66. The furbie is out of the box!

  67. Crusty the Clown said hi!

  68. Sir! Can you help me? My Hosts file is broken!

  69. loony bill is in the house!

  70. The poop in my pants is wet!

  71. RYAN RYAN

    After you edit or modify your HOST File “block website” what you need to do is to clear all cache saved on your web browser then try again… 🙂

  72. can any one help me out, how to block the usb ports.
    there are 2 usb ports in my computer, and i want to block 2 outof 3

    pl help

  73. sunny sunny

    sorry, i mean there total no of usb ports are 3, from which i want to block 2 usb ports

    pl help

  74. Mark says:

    Below is your answer to star a while back…the problem is that I cannot save the notebook edits as a “file.” It will only save them as a “txt.” How can I change that?

    Star, that’s an excellent question worthy of its own post. But before I write a post on it, let me explain. Vista’a UAC blocks your access to the HOSTS file since it’s a system file. To get around it, you can either completely turn off UAC and edit it normally, or… copy the HOSTS file to your desktop and edit the copy normally. Then rename the copied file on your desktop to HOSTS and drag it into the etc folder. It will ask if you want to overwrite the existing hosts file; say yes.

  75. Tried savings it choosing the option of “All Files” and it still saved it as a .txt.

  76. Someone who knows Someone who knows

    You are an !d!ot:
    1. DNS service is Necessary to be on AUTO and activated.
    2. the HOSTS file, once saved, will translate “letter address” to “IP address”, using the DNS service it contacts your ISP (like aol) on port 53, in the background and finds out the real IP.

    this is May 2010, not 1998:
    you should use 0.0.0.0 as the ip not 127.0.0.1, because it conflicts with legitimate connections from Firefox, Chrome, Chromium, Opera and SeaMonkey Browsers, all of those hook up to the 127.0.0.1 for secondary connections and act as servers, to the localhost (whose IP is 127.0.0.1).

    to sum things up:
    use:
    0.0.0.0 ad.website.com
    which gives you immediately page-not-found internal error (GOOD!)
    and never stop the windows-DNS Service.

    ==============================================
    •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
    [3] this step is important to prevent DNS errors, do it every time you’ve modified and saved the HOSTS file:
    on XP right click the Icon of the Network-Card used for the internet, and select REPAIR this will clear old DNS table and reRegister the new ones, including the HOSTS file values.
    ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
    ==============================================

  77. omar omar

    tnx for the info..i already make changes in my settings on windows system 32…but….when i tried to type the website “farmville.com” in the URL for instance… it automatically loads up to the site itself..is there another way i can make changes for this please help me..tnx..

  78. Bas Bas

    Hi,

    I’am trying to block http://www.google.com and all other sites of google. But when i change the hosts file to:
    127.0.0.1 google.com

    It is still possible to go to the site maps.google.com and news.google.com.

    Is there a way to block everything before .google.com???
    Thnx

  79. Dear Friends,

    if i want to block all the internet execpt one website

    suppose i just use only google home page and i want to block al other websites and internet from my computer what can i do for it ???

    Regards,
    Baiiii

  80. marcus marcus

    is it possible to block an IP address using the hosts file?

    using AdBlock I discovered some annoying ads that use “http://#.#.#.#/” format… this is the example link:

    http://88.208.23.7/html/bottom_spot_0.a1.html?111

    I tried using:
    127.0.0.1 88.208.23.7
    0.0.0.0 88.208.23.7
    0 88.208.23.7

    but none had succes. Please help me blocking this kind of address

  81. Omid Omid

    How block ip addresses?
    127.0.0.1 XXX.XXX.XXX.XXX
    in this format? or …??

  82. Whatever your version of Windows, it is always in %windir%\system32\drivers\etc\

  83. khaled khaled

    i need block all internet sites

    and allow only one site

  84. loukik loukik

    hi i want both batch file which allow all certain websites & block i get the block websites but allow i didnt get is it possible to create batch file which allow also

Comments are closed.