Why can't I block Facebook using /etc/hosts on Mountain Lion (OS X)?

34

7

It worked for a while in the old configuration, but then stopped working for some reason.

Here is my /etc/hosts file from my Mountain Lion MacBook Air:

127.0.0.1 reddit.com www.reddit.com
127.0.0.1 facebook.com www.facebook.com
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost

This blocks Reddit,but not Facebook.

I've tried flushing the DNS cache for the machine ("sudo killall -HUP mDNSResponder"), the bowsers (FF and Chrome) and I've tried restarting the computer.

And I've moved the entries to the top of the file on the advice of this article, but it didn't work before when it was at the bottom either. Each time it would block Reddit but not Facebook.

seanieb

Posted 2013-02-01T00:32:47.960

Reputation: 549

2That is odd. It also didn't work for me - I wonder if it has to do with ML's facebook integration. I'm pondering how to test that theory. – Jerry Seeger – 2013-02-01T00:52:31.790

1Searching the system folder for all mention of facebook.com found (among others) /System/Library/Caches/com.apple.internetaccounts.domainscache.plist which looked to my eye like the most likely culprit. I haven't tried messing with it, but it might be what you're looking for. I'd be really cautious, though. – Jerry Seeger – 2013-02-01T01:10:13.473

1I would agree with @JerrySeeger that's it's probably a function of the Facebook integration. That said, why are you blocking sites with such a fickle method? If you want to control internet access, get a proxy. – ta.speot.is – 2013-02-03T06:26:48.620

I only want to block it as it ruins my productivity during the day. It's not that big a deal, but more importantly I am very curious about the technical reasons I cant block it. – seanieb – 2013-02-03T07:24:08.227

In the spirit of "get a real proxy", take a look at LittleSnitch. It's payware (with a trial), but it's a really nice network/URI filtering app for OSX. You can set its filters to run on a schedule (i.e. block facebook between 8am and 5pm). And there's nothing so low-level that LittleSnitch won't block it if you ask nicely. – Zac B – 2013-02-03T07:57:07.423

I'm not looking for a proxy. – seanieb – 2013-02-03T10:31:23.577

1What happens on dig facebook.com or nslookup facebook.com? – JohannesM – 2013-02-04T22:54:29.593

Answers

43

harrymc is close but for some reason OS X (as of 10.8.2) doesn't respect the IPv6 loopback address of ::1 (probably a bug), so you have to use fe80::1%lo0. The reason you need to block IPv6 is because Facebook will serve you their site over V6 if your ISP supports it. You can easily verify this by installing a browser plugin that displays an icon when a site is being served via IPv6. The reason this wasn't a problem for you before is because Facebook likely only recently started serving their site over IPv6.

So the correct answer is:

# Block Facebook IPv4
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com
127.0.0.1   login.facebook.com
127.0.0.1   www.login.facebook.com
127.0.0.1   fbcdn.net
127.0.0.1   www.fbcdn.net
127.0.0.1   fbcdn.com
127.0.0.1   www.fbcdn.com
127.0.0.1   static.ak.fbcdn.net
127.0.0.1   static.ak.connect.facebook.com
127.0.0.1   connect.facebook.net
127.0.0.1   www.connect.facebook.net
127.0.0.1   apps.facebook.com

# Block Facebook IPv6
fe80::1%lo0 facebook.com
fe80::1%lo0 login.facebook.com
fe80::1%lo0 www.login.facebook.com
fe80::1%lo0 fbcdn.net
fe80::1%lo0 www.fbcdn.net
fe80::1%lo0 fbcdn.com
fe80::1%lo0 www.fbcdn.com
fe80::1%lo0 static.ak.fbcdn.net
fe80::1%lo0 static.ak.connect.facebook.com
fe80::1%lo0 connect.facebook.net
fe80::1%lo0 www.connect.facebook.net
fe80::1%lo0 apps.facebook.com

Jesse Endahl

Posted 2013-02-01T00:32:47.960

Reputation: 546

3it worked after I quit restart safari – Mujah Maskey – 2014-09-29T05:03:52.347

3Hi Jesse, I copy pasted everything into my /etc/hosts and I still can get to facebook. Am I still missing something? – gruszczy – 2013-10-23T06:01:48.987

doesn't work for me eider. I tried to block it in my router too, other sites are blocked fine, but not Facebook – adrianTNT – 2014-05-28T12:08:13.517

5

Try adding following line in /etc/resolv.conf

lookup file, bind

This should force OS X to use /etc/hosts before dns. The only problem is if you use dhcp, this file will be overwrote each reboot.

John Siu

Posted 2013-02-01T00:32:47.960

Reputation: 4 957

4

I've been stomped by this too. I like to do only the necessary steps and hack only the necessary configuration files and nothing more. Here's a summary of what works and what doesn't, what's necessary or isn't, as of today:

  • @jesse-endahl's hack works exactly. Need to use fe80::1%lo0 for the IPv6 loopback, the entries for ::1 seem to be ignored.

  • sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder -- not needed

  • Adding lookup file, bind in /etc/resolv.conf -- not needed

An important thing to keep in mind when testing this is that some application have their own DNS cache. For example the Chrome browser: it doesn't make sense to lookup IP addresses on every page reload, if the IP of facebook.com was 173.252.110.27 a minute ago it should still be the same now, right? This makes it hard to test things, because it takes a couple of minutes for Chrome to expire its cache. Unless you know a method to expunge it.

One testing method that worked well for me is using the New Incognito Window feature of Chrome. Every time you change something in /etc/hosts, open a new incognito window to view the result, and it should work immediately. The non-incognito windows will work too, eventually, it just takes a couple of minutes.

janos

Posted 2013-02-01T00:32:47.960

Reputation: 2 449

3

Mac OS X El Capitan: Version 10.11.5

Safari: 9.1.1

I had to use a combination of all the above answers to be able to finally block Facebook. Here are the contents of my /etc/hosts file:

# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1   localhost
255.255.255.255 broadcasthost
::1             localhost
# Block Facebook
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com
127.0.0.1   login.facebook.com
127.0.0.1   www.login.facebook.com
127.0.0.1   fbcdn.net
127.0.0.1   www.fbcdn.net
127.0.0.1   fbcdn.com
127.0.0.1   www.fbcdn.com
127.0.0.1   static.ak.fbcdn.net
127.0.0.1   static.ak.connect.facebook.com
127.0.0.1   connect.facebook.net
127.0.0.1   www.connect.facebook.net
127.0.0.1   apps.facebook.com
fe80::1%lo0 facebook.com
fe80::1%lo0 login.facebook.com
fe80::1%lo0 www.login.facebook.com
fe80::1%lo0 fbcdn.net
fe80::1%lo0 www.fbcdn.net
fe80::1%lo0 fbcdn.com
fe80::1%lo0 www.fbcdn.com
fe80::1%lo0 static.ak.fbcdn.net
fe80::1%lo0 static.ak.connect.facebook.com
fe80::1%lo0 connect.facebook.net
fe80::1%lo0 www.connect.facebook.net
fe80::1%lo0 apps.facebook.com
::1 www.facebook.com
::1 facebook.com
::1 login.facebook.com
::1 www.login.facebook.com
::1 fbcdn.net
::1 www.fbcdn.net
::1 fbcdn.com
::1 www.fbcdn.com
::1 static.ak.fbcdn.net
::1 static.ak.connect.facebook.com
::1 connect.facebook.net
::1 www.connect.facebook.net
::1 apps.facebook.com

And weirdly.. this worked!

Steps:

  1. On your terminal, run sudo vi /etc/hosts or sudo pico /etc/hosts

  2. Save the above contents. (from the comment # Block Facebook)

  3. On the terminal, run dscacheutil -flushcache.

  4. On Safari, clear the cache. Menu bar select Develop -> Empty Cache

  5. You may have to restart your computer. And problem solved!

Meghna Natraj

Posted 2013-02-01T00:32:47.960

Reputation: 131

Yes finally :D. Working in Germany with Mojave. – fl034 – 2019-10-13T16:48:40.867

3

Try this :

# Block Facebook IPv4
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com
127.0.0.1   login.facebook.com
127.0.0.1   www.login.facebook.com
127.0.0.1   fbcdn.net
127.0.0.1   www.fbcdn.net
127.0.0.1   fbcdn.com
127.0.0.1   www.fbcdn.com
127.0.0.1   static.ak.fbcdn.net
127.0.0.1   static.ak.connect.facebook.com
127.0.0.1   connect.facebook.net
127.0.0.1   www.connect.facebook.net
127.0.0.1   apps.facebook.com
# Block Facebook IPv6
::1 www.facebook.com
::1 facebook.com
::1 login.facebook.com
::1 www.login.facebook.com
::1 fbcdn.net
::1 www.fbcdn.net
::1 fbcdn.com
::1 www.fbcdn.com
::1 static.ak.fbcdn.net
::1 static.ak.connect.facebook.com
::1 connect.facebook.net
::1 www.connect.facebook.net
::1 apps.facebook.com

If this doesn't work see the article Block Facebook which also suggests :

  • Blocking Facebook on the Router
  • Block Facebook with an OpenDNS custom block list

If this still doesn't work, you could try the application SelfControl.

harrymc

Posted 2013-02-01T00:32:47.960

Reputation: 306 093

@seanieb He has linked this answer to another answer. You can find the explanation there. – None – 2017-10-29T05:39:04.883

The goal of this question isn't to simply let me block Facebook, I'd like to understand why the /etc/hosts file isn't working. – seanieb – 2013-02-04T20:00:16.383

1

Try adding these

127.0.0.1 www.facebook.com

127.0.0.1 facebook.com 127.0.0.1 static.ak.fbcdn.net

127.0.0.1 www.static.ak.fbcdn.net

127.0.0.1 login.facebook.com

127.0.0.1 www.login.facebook.com

127.0.0.1 fbcdn.net

127.0.0.1 www.fbcdn.net

127.0.0.1 fbcdn.com

127.0.0.1 www.fbcdn.com

127.0.0.1 static.ak.connect.facebook.com

127.0.0.1 www.static.ak.connect.facebook.com

Then it should get blocked.

Karan Raj Baruah

Posted 2013-02-01T00:32:47.960

Reputation: 894

Asked: 2013-02-01T00:32:47.960

Viewed: 21 152 times

Active: 2017-02-12T20:41:05.967