LaserAdmin

How to mod hosts file to allow only some sites

I need to modify the hosts file in Windows to allow only 3 sites that I add and block all others.
I was googling a lot and haven't found any solution. All the solutions that I saw are based on creating a big list of sites to be blocked, but that is not what I need.
I need everything blocked but those 3.
I can't do it in Internet Explorer settings because there are some other browsers on the PC and the settings won't work on them.
Also, the solutions I found here don't explain how to do it.
Can anyone help me here?
Ernie Beek

Personally I think it would be easier to set this up on your gateway (router/firewall/etc.)
But of course that depends if the hardware is able to.
You can add a list of sites which you want to block in the hosts file, and all the other sites will be allowed by default.
-> To block a website in the hosts file you can just add 127.0.0.1 www.google.com.
Note: If you add several websites to your hosts file, and the hosts file is huge, it tends to slow down your browsing a lot.
So the best option would be to use OpenDNS.
Link: http://www.opendns.com/start/
LaserAdmin

ASKER

Nah, you don't understand what I'm trying to do.

I need to allow only 3 sites that are used by the company and block the rest of the internet in about 4 offices of my company that are in different towns,

so from those PCs they can't open anything else but those 3 sites, not even Google.
You can not do that with a HOST file.  Simple as that.

It has to be a Firewall device/machine.  Does not matter if it is NAT based or Proxy based,...but it has to be a Firewall Product.
ASKER CERTIFIED SOLUTION
byfour
Actually, OpenDNS is a good solution for this if you can't/won't do a hardware solution. OpenDNS can block all sites by configuring the DNS to only forward to the sites you choose. That was a very good solution. Using the hosts file will make your DNS resolution a lot slower the larger the hosts file is. So using the hosts file is actually frowned upon and should not be used as a "Filter".  I take it your coder, so I would just take his answer with OpenDNS; it will do wonders for your purpose. If you don't want that approach, then you can use the application locker that is built into Windows to restrict usage to a single browser and filter using a proxy (usually if you use this method the proxy box is greyed out in Internet Options) so the users can't change the settings unless they have the rights. If they do, you can also restrict access to that registry item, preventing them from changing that property. There are a lot of neat ways to do this; you just need to find out which one works for you. I haven't seen any real requirements on your end, so it's kind of hard to judge your real needs.
I tried OpenDNS but didn't find a way to block all and allow only a small whitelist of sites.
Can you please instruct me how to do that?
No, OpenDNS (although a great service, and I use them) will not do what you are wanting the way you are wanting it.
In that case you can download and install Windows Live Family Safety
Download Link

How to Block Everything & Only Allow a Handful of Sites in Windows Live Family Safety
OpenDNS has whitelist-only, but on the paid plan.

i need a free solution
for now k9 works best
I don't have the Paid Plan,...and I have the White List.   But that is Still not the solution.  The White List is not Exclusive,...it is only Supplementary,...meaning it is only an "over ride" for the other restrictions,...but there is no other restriction that says "Block all Sites" that you would apply the White List against.  The closest you can come is to Enable every Category Listed as being blocked then Apply the White List.

Also OpenDNS would be Global for the LAN,...there is no way to apply different settings to different users.

Just save yourself a lot of trouble,... and just face the reality,... that you are going to have to buy a quality firewall Product of some kind,...and go buy one.
another way is to not use dns (or put something like 127.0.0.1 as the dns) at all.. and in the hosts file just have the ip address of the allowed sites.
Yea, that would work if there was no AD.
use a separate DNS for the machines you want to lock down or turn off forwarders.
WHERE did the author even mention AD ? you know something that is not publicly available?
Tested all solutions from all answers, and K9 works best for what I need: allow only specific sites. It is based on time protection though, but you can set time protection for the working hours in the company.
ve3ofa:
WHERE did the author even mention AD ? you know something that is not publicly available?


Quoting my own statement that you seem to have a problem with:.....

Yea, that would work IF there was no AD.
There is a way based off of this same idea that I thought of on the IF (IF, IF, IF) there was AD.

1. Point all machines' DNS Settings on the LAN to the AD/DNS and nothing else (should already be that way anyway)
2. Do not give the DC any General Forwarders, leave it blank
3. Create Conditional Forwarders for the chosen "White Listed" Domains.
4. This would allow AD to function, but would be Global in nature and would not allow different settings for different users
To Experts-Exchange,....get a stinking Editor ability for these posts so we can go back and correct Typos when errors are noticed after it has already been submitted.  Some errors can make a post say something completely different than intended and there is no way to correct it,...and everybody makes errors from time to time.    Every other Forum system that I am active in has that.
pwindell:
There is a way based off of this same idea that I thought of on the IF (IF, IF, IF) there was AD.

1. Point all machines' DNS Settings on the LAN to the AD/DNS and nothing else (should already be that way anyway)
2. Do not give the DC any General Forwarders, leave it blank
3. Create Conditional Forwarders for the chosen "White Listed" Domains.
4. This would allow AD to function, but would be Global in nature and would not allow different settings for different users


Actually may have to give it a fake General Forwarder so that it doesn't default to using "Root Hints".   Of course this is all a theory,...uncharted ground,...not something I would ever really want to do,...only suggested as a possibility
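
The conditional-forwarder steps and the "fake General Forwarder" idea from the posts above, written out in PowerShell with the DnsServer module. This is an added example, not code from anyone in this thread; the allowed domain names, the upstream resolver 203.0.113.53 and the dead forwarder 192.0.2.1 are placeholder assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules DnsServer
# Added example: run on the DC / AD DNS server. All names and addresses are placeholders.

$AllowedDomains   = @('site-one.example', 'site-two.example', 'site-three.example')
$UpstreamResolver = '203.0.113.53'   # assumption: a resolver that recurses for the allowed domains
$DeadForwarder    = '192.0.2.1'      # assumption: TEST-NET-1 address where nothing answers

# Step 1 is done on the clients (normally via DHCP): the DC is their only DNS server.
#   Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses <DC address>

# Step 2 plus the follow-up note: the only general forwarder is a dead address,
# and fallback to root hints is switched off, so unlisted names never resolve.
Set-DnsServerForwarder -IPAddress $DeadForwarder -UseRootHint $false

# Step 3: one conditional forwarder per white-listed domain (subdomains included).
foreach ($domain in $AllowedDomains) {
    if (-not (Get-DnsServerZone -Name $domain -ErrorAction SilentlyContinue)) {
        Add-DnsServerConditionalForwarderZone -Name $domain `
            -MasterServers $UpstreamResolver -ReplicationScope 'Domain'
    }
}

# Drop answers cached before the change, otherwise blocked names keep resolving for a while.
Clear-DnsServerCache -Force

# Check: returns $true when the DC resolves the name, $false when it does not.
function Test-DcResolution {
    param([Parameter(Mandatory)][string]$Name)
    try {
        Resolve-DnsName -Name $Name -Server '127.0.0.1' -DnsOnly -ErrorAction Stop | Out-Null
        return $true
    } catch {
        return $false
    }
}

Get-DnsServerForwarder | Format-List IPAddress, UseRootHint
Get-DnsServerZone | Where-Object ZoneType -eq 'Forwarder' |
    Format-Table ZoneName, MasterServers

# Expected with real domains filled in: allowed names True, everything else False.
foreach ($name in $AllowedDomains + 'not-on-the-list.example') {
    '{0,-28} resolves: {1}' -f $name, (Test-DcResolution -Name $name)
}
```

This only controls name resolution through the DC, and it is global for every client that uses it, as step 4 says. The firewall still has to stop clients from using other resolvers or connecting by IP address.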