Cloudflare Teams Gateway block doesn't work

In my Cloudflare Teams Gateway I configured policies to block content such as porn, and I even added a URL.

While my URL is there in the top blocked list, I’m able to navigate the website, so the block simply doesn’t work.
I wonder why?

If you want to block a domain with/without the WWW, a regular expression for that would be something like this:

(www\.)?example\.com

Thanks, but this is not the solution; my regex was just representing my last test.

In the Teams Gateway, as I already block porn and this website is recognized as a porn website, why do I still see the porn and not the message saying this website has been blocked?

I am facing similar issues. The policies set to block malware don’t work at all. Using the DoH address on Windows.

What is the configuration of the machine that you are using when you do not see the block? The screenshot you shared shows a block in your logs - which machine is that from?

For your specific gateway config to work, the machine you’re using needs to be using your gateway IPs for DNS: https://developers.cloudflare.com/cloudflare-one/tutorials/secure-dns-network#configure-your-router

What happens when you run an nslookup or a dig from that machine to a banned hostname?

Thanks for your reply :wink:

To test, I use Firefox on Kubuntu, which queries DNS through Pi-hole, which has been configured with dnscrypt-proxy by following those steps.

My Pi-hole communicates well with the Cloudflare Gateway and has been properly configured.

From my Kubuntu, when I dig redtube, I see it is blocked on the Cloudflare side almost in real time.

NOTE: my Pi-hole and my Kubuntu have been rebooted a few times, so normally the DNS cache on my Kubuntu has been flushed.

I also tried with a Windows 10 machine, which never went on redtube but also has the Pi-hole as primary DNS and 9.9.9.11 as secondary DNS, and I don’t see the block message either.

Is 127.0.0.53 port 53 what you expect your Kubuntu server to be using for DNS? The dig output there shows that is the server giving you the answer in the SERVER section at the bottom of the dig.

How exactly is the Kubuntu machine configured in terms of the OS-level DHCP / DNS settings?

What is the response you get when you perform an “nslookup” on the blocked domains?

Are you getting the server’s IP or are you getting a Cloudflare IP?

If you are getting a Cloudflare IP when you do nslookup, the policies are working fine; the browser may be sending the requests over Secure DNS, and hence the sites that should be blocked are being allowed. If these are managed devices, you can disable Secure DNS on your browsers using GPO.
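
The troubleshooting steps suggested in this thread (check which server answered the dig, then compare the DNS answer with what the browser does) can be scripted. The following is an added example, not part of any post in the thread; `parse_dig`, `diagnose`, the sample dig outputs and the hostnames are hypothetical, and it assumes the filter answers blocked names with the unspecified address (`0.0.0.0` or `::`) rather than a block-page IP.

```python
import ipaddress
import re

# Constructed dig output (not from the thread): a filtered name, answered via a local stub.
BLOCKED_VIA_STUB = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; ANSWER SECTION:
blocked.example.    60    IN    A    0.0.0.0
;; SERVER: 127.0.0.53#53(127.0.0.53)
"""
# Constructed dig output: the same name resolved to a routable (documentation) address.
RESOLVED_DIRECT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; ANSWER SECTION:
blocked.example.    300    IN    A    203.0.113.10
;; SERVER: 192.0.2.53#53(192.0.2.53)
"""

def parse_dig(text):
    """Return (status, server_ip, answer_ips) extracted from dig's text output."""
    status = re.search(r"status: (\w+)", text)
    server = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#\d+", text, re.M)
    answers = re.findall(r"^\S+\s+\d+\s+IN\s+(?:A|AAAA)\s+(\S+)\s*$", text, re.M)
    return (status.group(1) if status else None,
            server.group(1) if server else None,
            answers)

def diagnose(text, browser_loads_site):
    """Combine the dig result with what the browser does, as the replies above do."""
    _status, server, answers = parse_dig(text)
    notes = []
    # A loopback SERVER means a local stub answered; its upstream chain still needs checking.
    if server and ipaddress.ip_address(server).is_loopback:
        notes.append("local-stub")
    # Assumption: a blocked name is answered with the unspecified address.
    sinkholed = bool(answers) and all(
        ipaddress.ip_address(a).is_unspecified for a in answers)
    if sinkholed and browser_loads_site:
        # System DNS is filtered, yet the page loads: the browser resolves elsewhere.
        notes.append("browser-bypasses-system-dns")
    elif sinkholed:
        notes.append("blocked")
    else:
        notes.append("not-filtered-on-this-path")
    return notes

if __name__ == "__main__":
    print(diagnose(BLOCKED_VIA_STUB, browser_loads_site=True))
```

To use it on a real machine, pass the saved text of a `dig` run in place of the constructed samples.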