09-10-2011 09:22 PM - edited 03-07-2019 02:09 AM
Hi,
By any chance, can I block a TCP web session using a standard access list at all, or is extended the only option?
Sent from Cisco Technical Support iPhone App
09-11-2011 12:48 AM
Hi,
Do you want to block all HTTP or some URLs?
Regards.
Alain.
09-11-2011 02:27 AM
Hi,
Want to block whole http please.
Sent from Cisco Technical Support iPhone App
09-11-2011 06:09 AM
Hi,
You can add this to your ACL and this will block TCP traffic on port 80; for HTTPS use port 443. Remember there is an explicit deny at the end of the access list.
e.g. access-list 101 deny tcp any any eq 80
Regards,
Alex
09-11-2011 04:15 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Yes, it's possible with a standard ACL although it's not very granular. I.e., you're likely to block other traffic too, e.g. all traffic from an address block.
An extended ACL will allow a much more specific ACE such as blocking TCP port 80.
However, even an extended ACL might not be specific enough. You might need something like NBAR and/or FPM to truly block a specific web session, since these technologies can identify HTTP traffic using other than port 80 and/or URL contents.
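The difference between the approaches discussed in this thread, as an added example that is not from any of the posters: a small Python model of first-match ACL evaluation, including the implicit deny that ends every access list. The ACL number 10, the `permit` lines, the addresses and the sample packets are assumptions constructed for illustration.

```python
# Added example: minimal model of IOS-style ACL evaluation (first match wins,
# implicit deny at the end). All addresses and packets below are constructed.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def ace(action, proto="ip", src=ANY, dst=ANY, dport=None):
    """One access-control entry; a standard ACL can only vary `src`."""
    return dict(action=action, proto=proto, src=src, dst=dst, dport=dport)

def evaluate(acl, pkt):
    """Walk the ACL top-down and return the action of the first matching entry."""
    for e in acl:
        if e["proto"] not in ("ip", pkt["proto"]):
            continue
        if ip_address(pkt["src"]) not in e["src"] or ip_address(pkt["dst"]) not in e["dst"]:
            continue
        if e["dport"] is not None and pkt["dport"] != e["dport"]:
            continue
        return e["action"]
    return "deny"  # nothing matched: the implicit deny drops the packet

# access-list 10 deny 192.168.1.0 0.0.0.255 / access-list 10 permit any
STANDARD = [ace("deny", src=ip_network("192.168.1.0/24")), ace("permit")]
# access-list 101 deny tcp any any eq 80 / access-list 101 permit ip any any
EXTENDED = [ace("deny", proto="tcp", dport=80), ace("permit")]
# access-list 101 deny tcp any any eq 80, with no permit after it
EXTENDED_NO_PERMIT = [ace("deny", proto="tcp", dport=80)]

PACKETS = {  # constructed sample traffic from one client
    "http":      dict(proto="tcp", src="192.168.1.10", dst="203.0.113.5", dport=80),
    "dns":       dict(proto="udp", src="192.168.1.10", dst="203.0.113.53", dport=53),
    "http_8080": dict(proto="tcp", src="192.168.1.10", dst="203.0.113.5", dport=8080),
}

def verdicts(acl):
    """Map each sample packet name to 'permit' or 'deny' under the given ACL."""
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in [("standard", STANDARD), ("extended", EXTENDED),
                       ("extended, no permit", EXTENDED_NO_PERMIT)]:
        print(f"{label:20} {verdicts(acl)}")
```

The `http_8080` verdict under `EXTENDED` is `permit`: a port-based ACE does not see HTTP on another port, which is the gap the last post says NBAR or FPM would be needed for.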