I created a WebBlocker exception to deny a site like *.example.com but users are still able to access the site. Shouldn't that work?
Well that kind of problem depends on several variables.
To start, is the WebBlocker policy applied to all HTTP and HTTPS proxies that you are trying to block this website on?
Additionally if you are using Chrome, I would recommend blocking the QUIC protocol (specific to Chrome) on the firebox as it is not necessary for Chrome to work and since it uses UDP instead of TCP it bypasses these proxies.
Next comes the question, does the website also respond to the domain name itself, i.e. example.com. If so you will need a separate domain exception to block that.
I would also note that *.example.com would only block something like www.example.com, but would not block www.example.com/home.html.
I would recommend the following two WebBlocker Exceptions (to start) for most websites, especially the ones that respond to domain names:
-- Eugene Torre | Support Engineer