Netware 6/sp3 (soon to upgrade to sp5)
Nbmgr 3.7/sp2
The bmgr server has the master replica on it for the tree.
All users browsers are configured to use the proxy.pac on the server.

I am using HTTP proxy with access rules & filters. We do not use a 3rd
party list for access rules. When I find someone using the internet for
unsavory purposes the rule is to cut off their internet access. This
happened the first time this week and the way I went to cut off their
access was to go into the access rules and made a rule (in first
position) to DENY - PORT - to that specific user to ANY destination. I
made a second rule to DENY - URL - to that specific user to ANY
destination. This did NOT prevent him from getting on the internet.

I then checked that last rule which ALLOWS - PORT - ANY -ANY. (my brmgr
was setup with Craig Johnsons help) I checked to make sure the rules I
made were exactly the same except they were denies and one was URL and
one was port and for only that user. They looked the same to me. I
rebooted and made sure the server was refreshed and it still did not
deny him access. So I went into that last rule and under Users I
specified everyone but him and then it worked. Can you explain that to
me? I thought I understood that with the rules a user starts at the top
rule and if a user hits a rule that applies to him/her that that rule is
run and no rules under that rule will be executed for that user.

How, besides this way, can I deny certain individuals access to the

Thank you.