To block a user in EZproxy you would add the IfUser condition in the user.txt to deny the user by using a line like this (replace userid with the identifier for that user):
IfUser userid; deny
The positioning of this can affect whether it works or not.
Depending on the circumstances, it may also be necessary to wrap the statement in "Common" block like this:
::Common IfUser userid; deny /Common
If using SAML for authentication you would instead set in the shibuser.txt to block the user based on the attribute your SAML server returns with the userid. For example, if the userid is returned in NameID this is how to block a user:
If auth:NameID eq "userid"; deny
If you need help or are a Hosted EZproxy then contact OCLC Support.