Instagram is one of the most popular social media platforms, and also one of the hardest to block without the right tools. This guide covers every method: DNS filtering, hosts file rules, and router-level blocking.
Learn About Pricing
The fastest and most reliable way to block Instagram is to use CleanBrowsing's DNS filtering service. Instagram is part of the Social Media category in the CleanBrowsing dashboard. When you enable the Social Media filter, all Instagram-related domains are blocked automatically across every device on your network.
To set this up, log in to your CleanBrowsing dashboard, navigate to Content Filters, and toggle Social Media to blocked. Instagram (along with Facebook, TikTok, and other platforms) will be blocked immediately.
If you only want to block Instagram but allow other social media platforms, use the Custom Domains page instead. Add instagram.com to your blocked domain list. CleanBrowsing will automatically block all subdomains and CDN domains associated with Instagram.
When a user tries to access Instagram after it has been blocked, they will see a DNS_PROBE_FINISHED_NXDOMAIN error in their browser. The Instagram mobile app will also fail to load content, showing connection errors.
CleanBrowsing also offers free DNS resolvers that block social media as part of broader content categories. The Family Filter (185.228.168.168 / 185.228.169.168) blocks adult content, VPNs, and proxies but does not block social media by default. For social media blocking, you need a paid plan that lets you toggle specific categories.
If you need to block Instagram on a single device without DNS filtering, you can edit the device's hosts file. This maps Instagram domains to 0.0.0.0, which sends all requests to a null address and prevents the browser (or app) from connecting.
Open the hosts file with administrator or root privileges, and add the following entries. You need to list each domain individually because hosts files do not support wildcard entries.
Add these entries to block the primary Instagram domains:
Instagram serves images, videos, stories, and reels through multiple CDN domains. Without blocking these, media content may still load even if the main site is blocked:
Instagram also uses edge servers and API endpoints for login, notifications, and real-time updates:
Important: Instagram is owned by Meta and shares infrastructure with Facebook. Some Instagram features rely on facebook.com subdomains (such as edge-mqtt.facebook.com for push notifications). For complete blocking, consider also blocking Facebook domains. See our Facebook domain list.
Note: CDN subdomains change frequently as Meta adds and rotates edge servers. The list above covers the most common domains, but new scontent-*.cdninstagram.com subdomains appear regularly. This is one of the main reasons DNS filtering with CleanBrowsing is more effective than manual hosts file blocking.
Blocking Instagram at the router level ensures every device on your network is covered, including phones, tablets, smart TVs, and guest devices. There are two approaches: configuring your router to use CleanBrowsing DNS, or using your router's built-in domain blocking features.
This is the recommended approach. Log in to your router's admin panel and change the DNS servers to your CleanBrowsing assigned IPs. Once configured, all DNS queries from every device on the network will pass through CleanBrowsing's filters.
After the router reboots, enable the Social Media filter in your CleanBrowsing dashboard. Instagram will be blocked on all connected devices without any per-device configuration.
Some routers (especially those running OpenWrt, pfSense, or similar firmware) support domain-based blocking natively. You can add instagram.com and cdninstagram.com to the block list. However, most consumer routers do not support wildcard domain blocking, so this method is less reliable than DNS filtering.
Devices can bypass router DNS settings by using hardcoded DNS servers or encrypted DNS (DoH/DoT). To prevent this:
For a detailed guide on preventing filter bypass, see How to Prevent Filter Bypass.
While hosts file edits and router-level domain blocking can work, DNS filtering through a service like CleanBrowsing is the most effective way to block Instagram for several reasons:
Instagram uses hundreds of domains and subdomains that change regularly. Meta rotates CDN endpoints, adds new API servers, and shifts infrastructure across data centers. A manual block list becomes outdated within weeks. CleanBrowsing's categorization engine tracks these changes automatically, so you never need to update your block list.
A hosts file only blocks Instagram on one device. DNS filtering at the router level blocks it on every device: phones, tablets, laptops, smart TVs, and IoT devices. This is particularly important for schools and businesses where hundreds of devices need consistent policy enforcement.
With CleanBrowsing, you can block Instagram specifically while allowing other Meta properties (like WhatsApp), or block all social media with a single toggle. You can also set different policies for different network segments, allowing staff access while blocking student access.
Editing hosts files requires administrator access on each device, which is impractical in environments with BYOD (bring your own device) policies. DNS filtering works transparently at the network level, requiring no access to individual devices.
CleanBrowsing provides query logs and reports so you can see how often Instagram is being accessed (or attempted). This visibility is essential for schools, libraries, and organizations that need to demonstrate policy compliance.