ASA 

and

also would like to know whether general router has this function and how to do?

actually i mean not only web site, for example, in window , share drive, net drive, in linux, you can get file with ftp , or get software, or other kind of methods.

i just afraid hackers can get word file, movie file, or photo if they succeed to pass firewall

You can use zone based firewall feature of URI inspection:-

Please see in detail at below link:-

http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html

zone based web do not have file extension to choose, how do it know the extension of file? or type of file?

can hacker bypass the file name extension filter of firewall?

i see that ASA has policy , do ASA have zone based?

Hi,

The ZBF link sent earlier show how we can inspect URI in http request

parameter-map type regex uri_regex_cm
   pattern “.*cmd.exe”
  

class-map type inspect http uri_check_cm
   match request uri regex uri_regex_cm

ZBf is the feature on Cisco routers and ASA though concepts are little same but works differently. However it is important that you can be more granular with the protocol (layer 7) inspection only. Like on ASA if you will try to restrict .exe file from a p2p application that won't be possible, But on router you have some application for p2p in NBAR and you can use it file filtering. Please check configuartion example for both devices.

Thanks

if application is unknown, how to set?

well there are some limitations with asa and cisco routers as they don't primarily designed for all application. In that case you will need to use other devices.