Blocking a website using GPO or Firewall in windows server 2012
Using Windows Server 2012, how to block any specific website on all browsers using group policy?
group-policy organizational-unit
asked Nov 9 '15 at 22:55
Haider Bayati
3 Answers
The other answers here only prevent a user from accessing the website using the DNS name; they don't stop them from accessing it via IP address. Users are often more crafty than you think.
If you're going to assume the website has a fixed IP address (which isn't true for a lot of sites using geolocated web hosts and content distribution networks), the better option is simply to add an outbound block rule in Windows Firewall for the IP addresses in question. This blocks a user using either the name or IP.
You can easily use Group Policy to deploy rules to Windows Firewall on all of your client systems.
edited Nov 11 '15 at 16:10
answered Nov 11 '15 at 15:34
tfrederick74656
Multiple websites are often hosted behind a single IP. Thus blocking the IP will block everything hosted at that location.
– user2320464
Oct 15 '16 at 16:40
At the same time, you may also have multiple IPs for the same website, depending on which load balancer or endpoint they are accessing (if any). Blocking an IP also doesn't protect against future IP changes, so it might be feasible to design a script to poll the domain name for the latest IP address every so often.
– 1234567
Apr 17 '17 at 2:56
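An added example (not part of the original answer or its comments) that combines the outbound block rule deployed through Group Policy with the periodic re-resolution suggested in the comment above. The domain `contoso.local`, the GPO name `Block-Websites`, the hostname `blocked.example` and the resolver address are assumptions; the GPO must already exist and be linked to the client OU.

```powershell
# Added example. Run from a management host with the NetSecurity module and
# rights to edit the GPO, e.g. as a scheduled task, so the rule follows IP changes.
Import-Module NetSecurity

$Domain   = 'contoso.local'      # assumption: AD domain name
$GpoName  = 'Block-Websites'     # assumption: existing GPO linked to the client OU
$Site     = 'blocked.example'    # placeholder for the site to block
$Resolver = '8.8.8.8'            # assumption: an external resolver, so an internal
                                 # sinkhole zone for the site does not answer instead
$RuleName = "Block outbound to $Site"
$Store    = "$Domain\$GpoName"   # PolicyStore format for a GPO: <domain>\<GPO name>

function Get-SiteAddress {
    param([string[]]$Name, [string]$Server)
    $found = foreach ($n in $Name) {
        foreach ($type in 'A', 'AAAA') {
            # CNAME records in the answer have no IPAddress property and are skipped
            Resolve-DnsName -Name $n -Type $type -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.IPAddress } |
                Select-Object -ExpandProperty IPAddress
        }
    }
    # Drop loopback/unspecified answers so a sinkholed reply never becomes a rule
    $found | Where-Object { $_ -notmatch '^(127\.|0\.0\.0\.0$|::1$|::$)' } | Sort-Object -Unique
}

$addresses = @(Get-SiteAddress -Name $Site, "www.$Site" -Server $Resolver)
if ($addresses.Count -eq 0) {
    Write-Warning "No usable addresses resolved for $Site; rule left unchanged."
    return
}

# Print the list for review: as noted in the comments, an address may be shared
# with other sites, which the rule would block as well.
Write-Output "Addresses for ${Site}: $($addresses -join ', ')"

$rule = Get-NetFirewallRule -PolicyStore $Store -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($rule) {
    # Replace the address list with the current resolution
    Set-NetFirewallRule -PolicyStore $Store -DisplayName $RuleName -RemoteAddress $addresses
} else {
    New-NetFirewallRule -PolicyStore $Store -DisplayName $RuleName `
        -Direction Outbound -Action Block -RemoteAddress $addresses -Profile Any | Out-Null
}
```

Clients pick up the changed rule at their next Group Policy refresh.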
The problem you will find here is that Group Policy Objects will work on Internet Explorer but not other browsers such as Firefox and Chrome.
You probably could push out a Firewall Policy but the best bet is to use DNS to block the site. I've done it before and it works great.
Use DNS to Block a Website
This is assuming you are running a domain, which I would guess you are because of the mention of group policy. Also the client machines will be using your domain DNS servers.
1. Open the DNS from MMC or log into Domain Controller and open DNS
2. Right Click Forward Lookup Zones -- New Zone
3. Primary Zone
4. To all DNS servers running on domain controllers in this domain (or forest if you have a forest)
5. Zone name will be the DNS name of the site, example: facebook.com (note there is no www)
6. Do not allow Dynamic Updates
Add Records to the new Zone
1. You will see the new zone under Forward Lookup Zones
2. Right Click the zone -- New Host (A or AAAA)
3. Leave Name Field Blank
4. IP Address - 127.0.0.1 (will redirect back to themselves)
5. Add Host
6. Repeat steps 2 - 5 for subdomains, add www or apps in the Name Field
Adding a Blocked Message
If you're keen you could build a local webserver and create a custom block message using HTML, then instead of using 127.0.0.1 in the IP Address, put the IP address of the web server. They will try to go to facebook.com but get displayed your block message. I used to have a photo of Chuck Norris giving a thumbs up as part of my blocked message. Got a few strange phone calls...
answered Nov 10 '15 at 1:22
tyelford
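The zone and record steps from the answer above, scripted with the DnsServer module as an added example (not the answerer's own code). It assumes it is run on a domain controller hosting AD-integrated DNS; the variable names are illustrative, and `$Sinkhole` can be set to the address of a block-page web server instead of 127.0.0.1.

```powershell
# Added example: scripted form of the DNS Manager steps above.
Import-Module DnsServer

$ZoneName   = 'facebook.com'   # zone name used in the answer (no www)
$Sinkhole   = '127.0.0.1'      # or the IP of a web server showing a block message
$SubDomains = 'www', 'apps'    # the subdomain names the answer mentions

# Primary zone, replicated to all DNS servers on domain controllers in this
# domain (use -ReplicationScope Forest for the forest), no dynamic updates.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate None
}

# '@' is the blank Name field (the zone apex); then one A record per subdomain.
# The server is now authoritative for the zone, so any name under it that has
# no record here gets a "name does not exist" answer rather than the sinkhole.
foreach ($name in @('@') + $SubDomains) {
    $existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $name -RRType A -Node `
        -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $name -IPv4Address $Sinkhole
    }
}

# Verify what this DNS server now hands to clients.
$fqdns = @($ZoneName) + ($SubDomains | ForEach-Object { "$_.$ZoneName" })
foreach ($fqdn in $fqdns) {
    $answer = Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 -DnsOnly
    '{0,-20} -> {1}' -f $fqdn, ($answer.IPAddress -join ', ')
}
```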
You can use the hosts file to block out certain websites. Create a group policy to update C:\Windows\System32\drivers\etc\hosts
Then follow the guide here
edited Mar 20 '17 at 10:16
Community♦
answered Nov 11 '15 at 15:43
lbanz