
I need to utterly block a domain from even being connected to. Obviously, add-ons won't work, since those only check the URL of the site the browser is navigating to, not the domains the browser is connecting to. I need Firefox, but preferably every browser, to refuse to even make a connection to the domain wherever and whenever it is being connected to, for example in an iframe, or when loading an image from it on a site with a different URL.

Changing the hosts file at C:\windows\system32\drivers\etc did NOTHING at all. Writing this as a test:

127.0.0.1 google.com
127.0.0.1 www.google.com

anywhere in the file did nothing, and I could still connect to Google.

As a reference, I would need something like what happens when a website has an invalid certificate. When that happens, Firefox refuses to even connect to the domain. Would it be possible to assign an invalid certificate to specific domains, so that they get blocked? Also, every hosts-file-changing add-on I tried for Firefox changes the Windows hosts file, and it obviously doesn't work. Is it possible to change the actual settings Firefox uses instead?

Also, I am using Windows XP, but that shouldn't mean it's impossible.

  • You need to ipconfig /flushdns after changing C:\windows\system32\drivers\etc
    – DavidPostill
    Commented Jun 7, 2016 at 21:48
  • Still doesn't work. I tried that before. Does the file need to have a specific format (the content, not the file format; it has no extension) or do I need to edit more of the host files? Besides the 'hosts' file there is a 'hosts-5' file with the same content, four backups of the hosts file (with names like 'hosts.20071116-172525.backup'), and lmhosts, networks, protocol and services files. Commented Jun 8, 2016 at 14:49

1 Answer


For the matter of C:\windows\system32\drivers\etc\hosts: I agree with @DavidPostill's comment, which explains the need to refresh the local name cache with ipconfig /flushdns. But sadly, as far as I remember, you can't block entire domains this way: only specific hosts, not whole domains (sorry, no regular expression interpretation).
In other words, I think you can block (after refreshing the name cache, with the above command or automatically after a reboot) www.google.com but not google.com, because the destination is considered literally, as a whole; so the latter rule applies only to a connect request directed exclusively to google.com.

Your goal of blocking entire domains may theoretically be attained in diverse ways (maybe apart from proprietary network security suites), even if you don't own a separate server; two of these:

  • Running a local DNS server (even on the very same Windows XP machine, or on another machine you can link to the local network, running either Linux or Windows) and instructing it to redirect to another host any request directed to forbidden domains, and forward anything else to an external (ISP?) DNS. See BIND, a very popular and open source DNS server.
    Your local DNS service will become the default DNS server in the Windows network configuration, which is immutable by non-privileged users.
    If "bad requests" are redirected to localhost, this solution has the effect of leading to "error loading page" status.

  • Running a local proxy server configured to redirect each request originally directed to the forbidden domains to an error page.
    Each different browser requires not too much work to be configured, in a tamper-free fashion, not to connect directly to the web but instead to connect to the local proxy server.
    Better still if you can run the proxy server in a local network environment where you can forbid (via firewall/routing rules) direct access to the web, except for the proxy server itself. A good open source proxy, which works well even on Windows XP, is squid.
    If "bad requests" are managed by a proxy, this solution has the effect of leading to a friendly (customizable) error page.

Both BIND and squid are very well documented on the net.

If you can tell us more about your setup (single machine? Or a local network, made up of which machines? Any server around? Configurable router?) maybe we can help you better...

  • It's a single machine, no servers, and the router is non-wireless and from the ISP; I don't think it can be configured. I hoped it could be done without installing any kind of server or proxy, since I need it just to block one domain, not anything more complicated. There is even an option to change the security settings regarding specific URLs in Control Panel / Internet Options, but it only affects Internet Explorer, apparently. Commented Jun 8, 2016 at 15:03
  • You can have a look at Acrylic, which is a (seemingly lightweight) piece of software capable of filtering DNS requests with a full domain scope. Today I don't have a Windows machine at hand to try it out, so take the advice as is... Commented Jun 8, 2016 at 15:20
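
A minimal squid access list implementing the proxy approach described in the answer, as an added example that is not part of the answer or of the squid project; example.com stands in for the domain to block, and the listening address, port and custom error page name are assumptions:

```conf
# squid.conf (added example; not from the answer or the squid project).
# Listen on the local machine only; address and port are assumptions.
http_port 127.0.0.1:3128

# Who may use the proxy: the local machine itself.
acl local_clients src 127.0.0.1/32

# Domain-scoped match: the leading dot matches example.com AND every
# subdomain (www.example.com, img.example.com, ...). Without the dot,
# "dstdomain example.com" would match only that exact host, which is the
# literal, host-by-host behaviour the answer describes for the hosts file.
# example.com is a placeholder for the domain to block.
acl blocked_domains dstdomain .example.com

# Order matters: the deny must come before the allow for local clients,
# otherwise the allow rule matches first and the block never applies.
http_access deny blocked_domains
http_access allow local_clients
http_access deny all

# Optional: show a customised page (template file in squid's errors
# directory; the name is assumed) instead of the default ERR_ACCESS_DENIED.
deny_info ERR_BLOCKED_DOMAIN blocked_domains
```

Because the browser names the target host in its CONNECT request, the same dstdomain ACL also blocks HTTPS connections to the domain, without any certificate interception.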
