When performing SSL interception, two of the available options are:
Enable HTTPS interception
Enable SSL interception with automatic protocol detection
<ssl-intercept> ssl.forward_proxy(yes) detect_protocol(all) ssl.forward_proxy.issuer_keyring(default) <ssl> ALLOW server_url.domain=//www.bluecoat.com/support-services DENY url.domain=//www.bluecoat.com/
The URL https://www.bluecoat.com/support-services will be denied.
However if you select the first option ("Enable HTTPS interception") and use the policy above, browsing to https://www.bluecoat.com/support-services will be allowed, which is expected.
The reason is, when you select the second option, the ProxySG appliance will use this URL:
"ssl://www.bluecoat.com:443/"