I usually do it quite similar, basically with Custom URL categories named like
NoSSL_No_Auth_exception
and/or
NoSSL_exception
I usually use “Inspect other policies” even this is most likely reduced to “URL Category / IP blacklisting” since Zscaler will not longer be able to do inline inspections.
I never had issues with that. Keep in mind, that you will see a “special user”, like noauth-bypassurl$ or noauth-protocol$ in the log. I would have to test which user is selected in this case.
For this URL/use case I guess that “Bypass other policies” is suitable as you most likely have no URL policies that prevent certain users (eg. base on Location/sub location/special user) to access this URL and you also trust this URL, so you would not care about APT-Module to block this IP.