Blue Coat Cloud Security Services Release 3.0, March 29th 2012, introduced policy logic where the Web Application rules override any Content Policy rules. 

For example, if you block the category Auctions in content policy but the web application Ebay is still allowed then all sites categorized as Auctions will be denied except for Ebay.

To block Ebay, or any Web Application, it needs to be defined under the Web Applications tab.  If you need the ability to allow certain individuals access to certain sites or categories, but denied to the rest of the company, please see the workaround section below.

WORKAROUND:

Since the Web Application controls currently override the advanced content filtering rules, if you need granular control over the sites indicated in the Web Applications and Categories listed below, please contact Blue Coat Technical Support.  Support can assist you so that web application controls are disabled until a more permanent solution becomes available in a future release of the Threatpulse service.

ADDITIONAL INFORMATION

Web Applications are a global rule.  You cannot define conditions for the rule to be enforced, it is a deny or allow for everyone.  For example you cannot define a rule that states if you are "user1" then you are allowed access to Ebay and everyone else is not allowed access.  This granular functionality is planned for a future release of the Cloud Security Services.

As of the writing of this document the following table shows the current Web Application and its associated category.  When defining Content Policy it is important to remember that any policy related to Web Applications may not produce the expected results without also modifying policy under the Web Applications tab.