Imposing password rules onto you users does not improve security. It lessens it. Every rule helps an attacker to narrow down the search space (makes it easier to guess the password). If you want to good password security then require a minimum length of 10 (better 12) and make sure your system supports unicode so people can use accented characters.

Obligatory xkcd. Also, it is not uncommon to check new passwords against a list of common passwords and reject them if neccessary.