After choosing “Add”, you will see the proxy deny rule settings window. In this window there are the following fields:
By default all fields are empty except the “Action” field (with “Deny access” value) which implies matching any value in each empty field. Thus if you create a default blocking proxy rule and apply it to a user or a group, the proxy server will completely block all user's or group's HTTP, HTTPS and FTP communications that go through it. You can check which values are acceptable when you place the cursor over the field, or you can choose a value from the drop-down list containing the objects that are already known to ICS CUBE.
The “Method” field defines the main operation that will be performed. You can find more information about methods of requesting a web-resource in https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol.
The “Action” field allows to choose a response for a reply that user will see: a) “Deny access” - the user will see the ICS CUBE logo and a message: “Access denied”; b) “Redirect to address” - the connection will be redirected to the specified address; c) “Show message” - the user will see the ICS CUBE logo and message specified by ICS CUBE admin.
Important! For correct work of options a) and c) the CONNECT method should be allowed. It means that if you add a blocking rule with “Any” in the “Method” field you will need to add permitting proxy rule with CONNECT in the “Method” field. Also proxy-server should work in “Filter HTTPS traffic with decrypting” mode.
Comment. In adding a proxy-server rule it is possible to use a construct like - <.domain>, this construct means only sub-domains. For example, .google.com in proxy deny rule will allow access to google.com, but deny it to mail.google.com, drive.google.com and etc.