welcome again every body my question is about preventing downloading for some users but i need to make them have full access to all destination always so i create a site&content rule to allow them anytime and all dest. and also create a protocole rule to allow ip traffic for them and also create a content group add in it(.exe,.pdf,.zip,....) now: what sould i do? should i create another site rule with action deny and in the http content tab select my own content group and another protocole rule and if yes,what will be the action (deny or allow) or i can make configuration for the first site rule thank you and if possible to tell me a detail steps about how to make this