
How to block porn site with PIX or ASA

nilesh_sawant
Level 1

Hi,

We would like to block porn sites plus a few URLs in our IT infrastructure. How can we achieve this with a PIX 515 or Cisco ASA?

If it's achievable with a Cisco ASA, which edition of the ASA can be used?

Regards,

Nilesh

1 Reply

Kevin Redmon
Cisco Employee

Nilesh,

There are a couple of options that you can consider here.  If you have an ASA5510 or greater, you can consider purchasing a CSC module.  The CSC module will allow you to select various categories and dynamically filter sensitive sites - including pornography, hacking, and other malicious categories.  With the release of CSC 6.3+, you can also integrate the filtering and URL-blocking functionality of this product with Active Directory.  Depending on the user, you can filter what user has access to what websites or categories of websites.  Please contact your Cisco Account Team or reseller if this is something that you would be interested in.

If you just want to filter certain websites manually, you can enable 'inspect http'.  Once you have enabled 'inspect http', you can reset particular connections based on the Layer 4-7 content of the packet.  For instance, consider the following config:

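! Escape the dots so that "." matches only a literal dot
regex badsite "www\.badsite\.com"

! HTTP inspection policy map: reset connections whose Host header matches
policy-map type inspect http http_policy
 match request header host regex badsite
  reset log

! Attach the HTTP policy map to the global inspection policy
policy-map global_policy
 class inspection_default
  inspect http http_policy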

If there are a number of sites that you are concerned with, you can also match off of a class-map of regular expressions.  Unfortunately with this approach, the detail in your regex will determine how successful your filter will be.

ASDM has a wonderful Regex testing feature that will assist in developing the appropriate regex for your filter.

Hope this helps,

Kevin
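An offline harness for the point in the reply above that the detail in the regex determines how well the filter works. This is an added example, not part of the reply and not Cisco code; the host lists and the "tightened" pattern are constructed, and Python's re module stands in for the ASA regex engine under the assumption of case-sensitive, unanchored matching.

```python
import re

# Constructed Host header values for testing (not from the original thread).
MUST_BLOCK = ["www.badsite.com", "badsite.com", "m.badsite.com",
              "WWW.BadSite.com", "www.badsite.com:8080"]
MUST_ALLOW = ["www.goodsite.com", "wwwxbadsite.com", "notbadsite.com"]

# Candidate patterns, using only syntax shared by Python's re and simple
# ASA regexes (escapes, character classes, groups, "*", "^").
CANDIDATES = {
    "unescaped": r"www.badsite.com",
    "escaped": r"www\.badsite\.com",
    "tightened": r"^([A-Za-z0-9-]+\.)*[Bb][Aa][Dd][Ss][Ii][Tt][Ee]\.[Cc][Oo][Mm]",
}

def evaluate(pattern):
    """Return (missed, overblocked) for one pattern.

    Assumption: the filter does a case-sensitive, unanchored search of the
    Host header value, which re.search models here.
    """
    rx = re.compile(pattern)
    missed = [h for h in MUST_BLOCK if not rx.search(h)]
    overblocked = [h for h in MUST_ALLOW if rx.search(h)]
    return missed, overblocked

def report():
    """Evaluate every candidate and return {name: (missed, overblocked)}."""
    return {name: evaluate(p) for name, p in CANDIDATES.items()}

if __name__ == "__main__":
    for name, (missed, overblocked) in report().items():
        print(f"{name:10} missed={missed} overblocked={overblocked}")
```

Confirm any pattern that passes here in the ASDM regex tester before deploying it, since the two engines are not identical.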
