Q: How can I prevent Microsoft Internet Explorer (IE) users from accessing certain websites without deploying special software?

A: You can use IE’s built-in Content Advisor to prevent users from accessing specific websites. Content Advisor offers an interesting alternative to investing in a third-party solution to block URL access, or to blocking access on your organization’s Internet-facing firewalls, proxy servers, or content scanning servers.
You can access Content Advisor’s settings from the Content tab in IE’s Internet Options. If you click Enable in the Content Advisor section, IE will open the Content Advisor configuration options. To prohibit access to a given URL, click the Approved Sites tab, enter the URL in the Allow this website box , and click the Never button. This action will add the site to the list of prohibited websites, as shown in Figure 1 for www.contoso.com and www.toysrus.com. Note that enabling the Content Advisor setting will also require you to set a supervisor password.

You can also centrally control Content Advisor settings for IE users in your Windows domain using Group Policy Object (GPO) settings. You can find the Content Advisor settings in Group Policy Editor (GPE) in the User Configuration\Windows Settings\Internet Explorer Maintenance\Security container. The Content Advisor settings are located under the Security Zones and Content Ratings GPO.

Configuring the Content Advisor GPO setting is slightly different from how you configure other GPO settings: Instead of configuring the Content Advisor settings in GPE directly, you must import them from a computer that’s already configured. GPE walks you through the process of importing the Content Advisor settings, as shown in Figure 2.

Note that there are ways around this block, such as looking at cached search engine results. Also, Content Advisor settings don’t stop a user from loading a different browser to look at blocked sites. If you’re using Windows Vista’s Home Basic, Home Premium, or Ultimate versions, consider using Vista’s built-in parental controls to prevent users from viewing specific websites instead

Another way to block access to specific websites is by using the little-known Route command. The Route command is available on every Windows system and can be used to modify the local IP network routing table. When you type a URL in your browser, Windows uses the local routing table as a network map to determine where to send the packet. In most cases, the routing table directs the packet to a default gateway, which then sends it out to another network or the Internet. Using the Route command, you can configure the routing table so that Windows will send the packets that are addressed to certain websites or IP addresses to a dead end. To the user it will appear the website doesn’t exist or isn’t accessible.

To use Route in this way, you must know the IP address of the website to which you want to block access. You must also know an IP address within your local network subnet that isn’t in use to use as the “dead end” IP address. For example, if the IP address of the website you want to block access to is, and the dead-end IP address on your local subnet is, then you would use the following command:

route -p add mask
TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.