diff --git a/internal/controller/proxy_controller_test.go b/internal/controller/proxy_controller_test.go
index 25e71630..63d70a70 100644
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -368,6 +368,26 @@ func TestProxyController(t *testing.T) {
 policyEngine, err := service.NewPolicyEngine(cfg, log)
 require.NoError(t, err)
+ policyEngine.RegisterRule(service.RuleUserAllowed, &service.UserAllowedRule{
+ Log: log,
+ })
+ policyEngine.RegisterRule(service.RuleOAuthGroup, &service.OAuthGroupRule{
+ Log: log,
+ })
+ policyEngine.RegisterRule(service.RuleLDAPGroup, &service.LDAPGroupRule{
+ Log: log,
+ })
+ policyEngine.RegisterRule(service.RuleAuthEnabled, &service.AuthEnabledRule{
+ Log: log,
+ })
+ policyEngine.RegisterRule(service.RuleIPAllowed, &service.IPAllowedRule{
+ Log: log,
+ Config: cfg,
+ })
+ policyEngine.RegisterRule(service.RuleIPBypassed, &service.IPBypassedRule{
+ Log: log,
+ })
+
 for _, test := range tests {
 t.Run(test.description, func(t *testing.T) {
 router := gin.Default()
diff --git a/internal/service/policy_engine.go b/internal/service/policy_engine.go
index 26483e07..870ce4a4 100644
--- a/internal/service/policy_engine.go
+++ b/internal/service/policy_engine.go
@@ -68,8 +68,8 @@ func (engine *PolicyEngine) evaluateRuleByName(name RuleName, ctx *ACLContext) E
 rule, exists := engine.rules[name]
 if !exists {
- engine.log.App.Warn().Str("rule", string(name)).Msg("Rule not found in policy engine, defaulting to abstain")
- return EffectAbstain
+ engine.log.App.Warn().Str("rule", string(name)).Msg("Rule not found in policy engine, defaulting to deny")
+ return EffectDeny
 }
 return rule.Evaluate(ctx)
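Review bot: Nothing in this setup exercises the new fail-closed path: all six rules are registered before the table runs, so a regression to abstaining on an unknown rule would still pass. A companion subtest that builds an engine from `service.NewPolicyEngine(cfg, log)` with no `RegisterRule` calls and asserts the request is rejected would pin the behaviour this commit introduces. The block would also read better with a leading comment such as `// Register every rule explicitly: an unregistered rule now evaluates to deny.` so the next reader knows why the list must stay complete. TestProxyController starts and ends outside the hunk, so how the table cases consume the engine is not visible here.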
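Review bot: A missing registration is still discovered only at request time in the `!exists` branch, where it now turns into a deny for every caller that evaluates that rule name. Because the effect changed from "no opinion" to an outage-grade denial, the lookup deserves a why-comment, for example `// Fail closed: an unregistered rule must never be treated as "no opinion".`. A check at engine construction or startup that every expected rule name is registered would also help. It is worth confirming how callers combine results for `RuleIPBypassed`, since a deny from an absent bypass rule may mean something different from a deny by an access rule; that combining logic is outside the hunk. The function signature and closing brace of evaluateRuleByName are also outside the hunk.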