hello,
DLP will return an ICAP code 200 because ICAP processing was ok (or other code if there was any ICAP errors of course).
but HTTP request content will be modified with response rule message (defautl one is "Content blocked due to policy violation") instead of returning exact same content as the one sent in initial ICAP request from proxy to DLP and web site destination is removed.
----
Typical ICAP response for blocking (first ICAP parts / then HTTP request part // initial HTTP request included in proxy ICAP request sent to DLP contains a document attached to it)
ICAP/1.0 200 OK
Cache-Control: no-cache
ISTag: "Vontu14.0"
Encapsulated: res-hdr=0, res-body=141
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Wed, 07 Sep 2016 13:41:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 39
Content blocked due to policy violation
Regards.