Yes, you can do that. You need to select the action as Block or Block reset when you create an access rule, and change the settings to custom using the HTTP Responses tab while creating the policy. But this is only for HTTP websites.
Facebook uses HTTPS and would need a decryption engine like a dedicated Firepower appliance.
The ASA Firepower module doesn't have this capability.
I've tried to block Facebook on our ASA Firepower module but it didn't work.
It blocks HTTPS based on Server name Identifier (SNI) or common name from the certificate field. But it won't send you the block page: as it is HTTPS, we don't see the HTTP GET request and cannot spoof it.
Right - even with a hardware appliance and an HTTPS decryption policy we cannot send a block page for HTTPS sites. We can only block the site silently (reset the connection).
I tried this with an AMP 8150 and confirmed with TAC that the block page function is not available for HTTPS - even with a decryption policy and trusted certificate issued from an internal PKI on the appliance.
I just tried this and I can block Facebook using the URL blocking policy.
I was doing application blocking earlier and somehow Facebook gets through.
If you were using application and URL in the same rule then it won't work and will allow the URL. That's because the rule has to match the AND condition. It has to match the application and the URL. In your case it will never match the application because the traffic is encrypted and the device won't be able to identify the application. So it goes to the next rule or the default rule.
Even if you have an SSL decryption policy it will still allow some packets; that's because the device will require some packets to identify the actual application used by the client.
So you need to be very careful when you are creating your policies.
Thank you everyone for the follow-up, but now I'm confused.
I know because it works right now, I can block either
http://facebook.com or application-based Facebook.
What I'm trying to accomplish is to allow
URL facebook.com/mycompany = which allows users to get to clients Facebook company page and block everything else on Facebook afterwards.
I've set up 3 D-Cloud demos and my own lab and 2 TAC cases, and no answer yet.
Seeing if anyone in the community has ever seen this or even tried something like this.
Thank You again