I have a rule set up in BM3.8 to keep users out of abused web sites
during work hours. Note this screen shot from Nwadmin.

Note that the allowed access to www.fresnobee.com is coming from a rule
below the rule that http://www.fresnobee.com/ was denyed by. Both rules
apply to all. This log was from a test user and the entrys in the log
are from a single attempt to access the web site with Netscape 7.1 by
typing www.fresnobee.com into the location bar. While this test user
came up with the 403 denyed error on the browser screen, real users seem
to be able to browse sites in this list with no restrictions from the
hundreds of hits we see happen over the course of a day. The allowed
hit was from the allow rule at the bottom of the list. Have my users
discovered a way around BM rules? Can someone give me an idea where to
look next on this one.

Gus Gustafson