How do I silently drop a connection to a site without returning an error to the browser?
Please note that these steps will cause the connection to terminate. Generally, the browser will show a blank screen without any kind of error. Make sure this is documented in your environment so that internal support calls are not unnecessarily created.
If you want to silently drop a connection to a particular site without returning any kind of warning or error message, do the following from the command line interface (CLI) and then from the Management Console:
PART I - FROM THE COMMAND LINE INTERFACE (CLI)
1.) Console into the ProxySG either through the serial console, SSH, or telnet (if telnet is enabled).
2.) Go into enable mode.
3.) Go into configuration terminal (config t) mode.
4.) Go to exceptions.
5.) Use the command "create examplesitename_deny", replacing the site-name portion with the name of the site you wish to deny (for example, "example" for example.com).
6.) Exit out of config t and enable mode.
Here is an example of the commands entered above:
ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line. End with CTRL-Z.
ProxySG#(config)exceptions
ProxySG#(config exceptions)create examplesitename_deny
ok
ProxySG#(config exceptions)exit
ProxySG#(config)exit
ProxySG#
PART II - FROM THE MANAGEMENT CONSOLE
1.) Go into the Management Console (https://<ip.address.of.proxysg>:8082/)
2.) Go to the Configuration tab > Policy > Policy Files > Policy Files tab > Install local file from: Text Editor > click on the Install button.
3.) A popup box will appear. Paste in the following text:
<exception>
exception.id=user_defined.examplesitename_deny terminate_connection(yes)
NOTE: Make sure the name of the user defined exception is the same as was created in Part I, Step 5 above.
4.) Under Policy (Configuration tab > Policy), select Visual Policy Manager and then click on the Launch button.
5.) You will create a new rule in a new or existing Web Access Layer.
i.) For source, select the destination URL. Right click and select Set... > New... > Request URL. Use the simple match, enter the domain (such as example.com), and then click the Add and Close buttons.
ii.) Pick the newly created request URL from the list and click on the OK button.
iii.) For Action, right click and select Set... > New... > Return Exception...
iv.) Select the radio button next to "User-defined exception:" and use the drop-down list. Using the example above, you should see examplesitename_deny. Select it and click on the OK button twice.
v.) Click on Install Policy.
6.) Test.
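As an added example (not from this article), here is the same configuration expressed as a single CPL policy file rather than VPM clicks, so it can be reviewed or installed in one piece; it assumes the exception name examplesitename_deny created in Part I and example.com as the site to be dropped:

```cpl
; Added example, not from the article: the policy that Parts I and II produce,
; written as CPL. Install it via Configuration tab > Policy > Policy Files
; (Text Editor), the same way as the <exception> fragment above.
; Assumes the exception "examplesitename_deny" already exists in the CLI
; (Part I) and that example.com is the site to be silently dropped.

<Exception>
  ; Map the user-defined exception to a silent TCP close instead of an error page.
  exception.id=user_defined.examplesitename_deny terminate_connection(yes)

<Proxy>
  ; Web Access Layer rule: requests for example.com (and its subdomains) return
  ; the user-defined exception, so the browser receives nothing, not a 403 page.
  url.domain=example.com exception(user_defined.examplesitename_deny)
```

Later layers in the policy file override earlier ones for the same request, so a later <Proxy> layer that allows example.com would defeat this rule; a policy trace (see the troubleshooting section) shows which rule won.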
TROUBLESHOOTING:
When a user goes to the site in question, the page should simply be blank. If the page comes up, then a rule after this rule is bypassing the exception and allowing the page through. In that case, you will need to find the rule that is overriding this one. Please see 000011446 for more details on how to run a policy trace.