I want to block certain websites on this computer. That should be a piece of cake for a firewall. But the variety of advice found in this forum for how to do that is anything but a piece of cake. These answeres talk about TCP/IP, ports, hosts, DNS numbers and all kinds of arcane technogeek stuff. Good grief!
The best answer I found was here: https://forums.comodo.com/empty-t36017.0.html;msg256206#msg256206.
Result: it blocks the essential part of the webpage, but all the advertising is still there, along with a fair bit of text from the page. So it’s not good enough.
The procedure should be simple:
From the menu, choose “Block website.”
[It’s OK if the menu choice is several layers deep, as long as the Help file tells users exactly where to find it.]
Enter the URL.
Click “OK.”
There should be an option: “Block just this webpage, or all webpages under this address?”
This blocking action should also be password protected. The simplest thing would be to apply the password to the entire CIS program and all its settings. Once you get into separate passwords for separate sections of the program, it gets cumbersome, both for the user (to remember all those passwords) and for the programmer.
If you want this right away, you could try OpenDNS. You can block access to any site you wish. And if you have multiple systems, a single block would work for all machines on your network.
It is. While it’s not as east as “click to block this”, it’s not that much harder.
To achieve this we need to
A) Create a zone that lists the web sites you want blocked
B) Set up a single rule the BLOCKS all attempts at accessing the sites in the BLOCK zone
Step by step instructions are as follows;
Open CIS
Click FIREWALL and select MY NETWORK ZONES
Click ADD → A NEW NETWORK ZONE
Give the zone a meaningful name - like BLOCKED
The BLOCKED zone will now appear at the bottom of the zone list window
Click once on the BLOCKED zone to select it and the click ADD → A NEW ADDRESS
In the NEW ADDRESS window, select A HOST NAME and enter the URL of the website you want blocked
Click APPLY. This site is now added to the zone BLOCKED
8a. To add more sites, repeat steps 6, 7 and 8
When you are finished adding sites to the zone, click APPLY
At this point we have defined the sites we want blocked. The next step to set up a BLOCK rule that uses this zone.
Use the following parameters;
Action : BLOCK
Protocol : TCP or UDP
Direction : IN/OUT
Description : BLOCKED WEBSITES
Source Address : ZONE → Select the ZONE name we defined in step 4
Destination Address : ZONE → Select the ZONE name we defined in step 4
Source Port : ANY
Destination Port : ANY
Click APPLY
In the GLOBAL RULES window, click our new rule and use the MOVE UP button to move this new rule to the top of the list
(Global rules are “read” top to bottom, so our rule must be above any other rule that will allow the traffic)
Click APPLY
The websites listed in the BLOCKED zone should now be unreachable.
As and when you want to block more sites, simply repeat steps 1, 2, 6 ,7 and 8. As our rule is based on a ZONE, all we need to do is modify the ZONE. The GLOBAL RULE does not require modification once set up…
This blocking action should also be password protected. The simplest thing would be to apply the password to the entire CIS program and all its settings. Once you get into separate passwords for separate sections of the program, it gets cumbersome, both for the user (to remember all those passwords) and for the programmer.
As far as I understand, OpenDNS allows one to block an entire domain, but not individual websites. Please correct me if I’m wrong, and provide link to the OpenDNS knowledgebase/forum which shows me how to do this.
Yes, it blocks by domain. I don’t see the utility of wanting to access various sites on a questionable domain, but if that’s what you want to do, you can use the AdBlock Plus extension in Firefox. You could add a site name as a filter and it will block that site.
Thanks, HeffeD, for your valiant attempts to help me. I appreciate it!
There are other reasons for blocking a website than the entire domain being questionable:
A webhosting company may have user-created sub-domains by many different people, and one doesn’t want to block them all;
A company/person might have many excellent sections on their website, but a few places which are not appropriate;
Similar to # 2, a website might have a “paid access” section which one wants blocked.
I could go on, but the point is: one size does not fit all.
AdBlock Plus is a fine tool, but it is not designed for site blocking. From their FAQ page, FAQ - Advanced functionality
“Why was “Site blocking” removed?
Site blocking was a feature in Adblock 0.5 that allowed filters to be applied to web pages as a whole and prevent you from navigating to a page that matched some filter on your list. The main reason why this function wasn’t kept in Adblock Plus 0.6 is: preventing you from seeing a page you explicitly requested doesn’t have much to do with ad blocking.”
It goes on to suggest another extension “BlockSite,” but that programmer clearly says it is not secure and can easily be disabled.
And finally, this is all reinforcing my original point: What I’m suggesting should be dead simple for a firewall, without extra extensions and programming.
Well, I tried it, but it didn’t work for me. I even rebooted, and the unwelcome website is still accessible.
Thanks for your help. As with HeffeD, the complexity of your answer just reinforces the point of my suggestion: this should be laughably simple for a firewall.
As I noted above, I followed Ewen’s method, and that didn’t work (for me, anyway).
I tried HeffeD’s suggestion, of using OpenDNS to block the entire gauss2001.com domain – but that didn’t work, either! (I successfully use OpenDNS to block other domains, so I know it normally works.)
What panic said is basically right, but I would suggest using MY BLOCKED NETWORK ZONES instead of MY NETWORK ZONES, if I’m not mistaken. The former one blocks all access to hosts/IPs listed whereas the latter one needs to be associated with an application and a rule.
So, for global blocking, try MY BLOCKED NETWORK ZONES.
While it’s not as east as “click to block this”, it’s not that much harder.