Question says "can deny access from this user" but the source-address on firewall is of Webserver, can you confirm the direction of traffic? Is it from User to Webserver or Webserver to User and on which device do you need to apply the filter?
Action on filter says "policer Block-user", policer is used for rate-limiting and not for blocking.