Perform Web URL Filtering or Blacklisting without additional hardware
There’s a simple and free method of performing dynamic web URL filtering or blacklisting on the Cisco ASA without the need of implementing websense or N2H2/Smartfilter server. This is can be done via the Cisco ASA Botnet Traffic filter!
Botnet Traffic Filter license not required!
Normally you will require a license to activate the botnet traffic filter, which provides you to botnet database updates. However, little people are aware that you can do static blacklisting and whitelisting using the Botnet traffic component without the need to activate to use their database or obtain a license. The ASA’s botnet filter performs dynamic DNS lookups of the domain the URL is given and updates it’s filter based on the domain to IP mapping which is much more powerful than a static IP based access list.