10

For privacy and performance reasons, I'd like to prevent my computer from ever communicating with certain Internet hosts. I'd like to do this at the OS level, not through web browser plug-ins (not broad enough), or even through my home router (my laptop travels). I'd prefer to use built-in tools.

I'm running Windows 7 Professional 64-bit. I'm all too familiar with the Windows hosts file - and its limitations. There seems to be some confusion over whether hosts supports wildcards, but my own tests confirm that it does not.

I have experimented with Windows Firewall and the IP Security Policy MMC snap-in. So far as I can tell, both require numeric addresses. I don't want to block specific IP addresses, or ranges of addresses, in part because IP-address-to-hostname mappings can and do change.

Is there any tool in Windows 7 Professional with which I can block (or route to 0.0.0.0) communication with Internet hosts by hostname mask? If not, are there any good, free, third-party tools?

Metaphile
  • 225

4 Answers

3

Try an IP blocker

http://blocklistpro.com/download-center/protowall/

There are many other IP blockers available; most allow you to make your own block lists and allow for IP ranges.

Some do not work with W7 very well; do your homework.

Moab
  • 58,769
3

The "easiest" way to do this would be to run your own DNS server and add primary zones for the domain(s) you want to block. You wouldn't even need to create 'A' records. Any references to hosts within the zone (domain) would be returned unresolved by your DNS server. Posadis is one freeware/open source DNS available that runs under Windows (though I have not used it personally). Of course, if you have just about any version of Windows Server running anywhere, you can use Microsoft's DNS server.

One side "benefit" of this solution is that you could (if you wanted to) redirect requests to the "banned" domains to an internal "not allowed" web page.

BillP3rd
  • 6,599
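
The zone-based blocking described in the answer above, as an added example that is not part of the original post and is not code from Posadis or Microsoft DNS: it matches a queried name against blocked zones on whole-label boundaries (the wildcard behaviour the hosts file lacks) and builds the "unresolved" reply. The zone names, function names and query builder are constructed for illustration, and the replies omit the SOA record a real authoritative server would include.

```python
import struct

# Constructed sample blocklist: each entry behaves like a primary zone with no host records.
BLOCKED_ZONES = {"ads.example", "tracker.example.net"}

def matching_zone(hostname, zones=BLOCKED_ZONES):
    """Return the blocked zone that contains hostname, or None. Compares whole labels only."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def read_qname(packet, offset=12):
    """Decode the question name that follows the 12-byte DNS header."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length > 63:  # compression pointers do not belong in a plain query name
            raise ValueError("unexpected label length in question")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def answer_if_blocked(query):
    """Return a reply for a name inside a blocked zone, or None to forward the query upstream."""
    if len(query) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:  # already a response, or not a single question
        return None
    try:
        name, end = read_qname(query)
    except (IndexError, ValueError, UnicodeDecodeError):
        return None
    zone = matching_zone(name)
    if zone is None:
        return None
    rcode = 0 if name.lower() == zone else 3  # zone apex: empty NOERROR; below it: NXDOMAIN
    reply_flags = 0x8000 | 0x0400 | (flags & 0x0100) | 0x0080 | rcode  # QR, AA, RD copy, RA
    header = struct.pack("!HHHHHH", txid, reply_flags, 1, 0, 0, 0)
    return header + query[12:end + 4]  # echo the question: name + QTYPE + QCLASS

def build_query(name, txid=0x1234):
    """Constructed test input: a minimal A/IN query with recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```

Matching on labels rather than substrings is what keeps `notads.example` resolvable while every host under `ads.example` is blocked.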
2

Taking over the DNS resolver functions is a good solution. You may want to sign up for an account at OpenDNS and hard code the DNS server settings in Windows to use OpenDNS as your resolver. They allow you to enter domains that will always be blocked. Sign up is free but a small fee gets you extra features.

1

Use OpenDNS. They can do category filtering ('Nudity', 'Pornography', 'Gambling', 'Adware', etc.) in addition to individual domains. Downside is that it requires a little extra setup on the server side for dynamic updates, but it is documented here.

Kevin M
  • 2,614