How to block internet with a group from Active Directory?

The best way to deny users from Active Directory is to use ACLs ( Access control list)

  • Under Your proxy section, choose Complete ACLs link.

    Complete Acls Link

    Your proxy: Complete acl


  • Click on New rule, give a name of your rule
  • Click on the freshed created rule

19-07-2014 23-01-32

  • Check the “Deny access” option and click on Apply
  • Select the tab Items
  • Click on New Proxy object
  • In the drop-down list, choose Dynamic Active Directory Group.
  • Click on the Browse… button
ACL - Select AD object

ACL – Select AD object

  • Browse Your Active Directory and choose your desired group.
  • Click on Select this group on the table.
ACL - Browse Active Directory

ACL – Browse Active Directory

  • Click on Add button in order to add this group in your rule.

30-07-2014 18-53-27


  • Click again on New Proxy object.
  • In the dropdown list, choose all and name your group.
  • Click on Add button

30-07-2014 18-55-40


  • These 2 groups means that proxy deny the selected group and “nothing else” that’s why the group All must be added.
  • Without this second group, deny users will receive a login popup.


30-07-2014 18-56-09


  • Click on Apply in order to make rule in production mode.


19-07-2014 23-10-59


Leave a comment