When trying to access www.hdfcbank.com through public IP it's not getting blocked.it should be blocked as its not allowed but instead if showing block page it's showing different page.
on the public IP address behind www.hdfcbank.com there are multiple web sites, not only www.hdfcbank.com. To identify which web site should be presented the name is used, as there is no name present (because the IP address was typed in) the web server displays a default error message (the error message shows is not generated by MWG).
Since the public IP is not exclusively used by www.hdfcbank.com it has a different category, and therefore is not blocked by MWG.
Why do you expect MWG to block this site? Based on the information you've given here, you have not proven that you've even attempted to block it.
The rule trace should show you why the site is allowed.
I am trying to block it via URL.categories with action block at the bottom of the ruleset which is same for all the rules.When I rule trace I see it's going through web cache rule which I don't understand.
The IP address you're trying to block is a Cloudflare load balancer - it's not the correct address for hdfcbank.com.
For example hdfcbank.com is currently at 184.108.40.206
So I imagine the IP is being blocked, but that's not how you're going to be able to block hdfcbank.com - you're going to have to block using the domain name.
it depends on your MWG policy whether such requests are blocked or allowed. MWG does not make any difference between public IP or domain name, so both
are handled identical within MWG. IP addresses can be categorized just like URLs.
If I refer to your example "www.hdfcbank.com" is categorized as "Banking/Finance". The public IP from your screenshot "220.127.116.11" is "Uncagetorized". If you have a rule that blocks specific categories these requests won't be blocked because they do not have any category. This has nothing to do with public IP address or URL, but likely with how categories are filtered.
I also have one case where a URL mppanchayatdarpan.gov.in having public ip 18.104.22.168 is allowed to everyone when it's access from its public ip though not allowed