Trouble Letting Users Get to Certain Sites through Squid Proxy

Posted by armani on Server Fault
Published on 2012-11-21T17:42:40Z Indexed on 2012/11/28 17:07 UTC

We have Squid running on a RHEL server. We want to block users from getting to Facebook, other than a couple specific sites, like our organization's page. Unfortunately, I can't get those specific pages unblocked without allowing ALL of Facebook through.

[squid.conf]

# Local users:
acl local_c src 192.168.0.0/16

# HTTP & HTTPS:
acl Safe_ports port 80 443

# File containing blocked sites, including Facebook:
acl blocked dst_dom_regex "/etc/squid/blocked_content"

# Whitelist:
acl whitelist url_regex "/etc/squid/whitelist"

# I do know that order matters:
http_access allow local_c whitelist
http_access allow local_c !blocked
http_access deny all

[blocked_content]

.porn_site.com
.porn_site_2.com
[...]
facebook.com

[whitelist]

facebook.com/pages/Our-Organization/2828242522
facebook.com/OurOrganization
facebook.com/media/set/
facebook.com/photo.php
www.facebook.com/OurOrganization

My biggest weakness is regular expressions, so I'm not 100% sure whether this is all correct. If I remove the "!blocked" part of the http_access rule, all of Facebook works. If I remove "facebook.com" from the blocked_content file, all of Facebook works.

Right now, visiting facebook.com/OurOrganization gives a "The website declined to show this webpage / HTTP 403" error in Internet Explorer, and "Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error" in Chrome.

WhereGoes.com tells me the redirects for that URL go like this:

facebook.com/OurOrganization --> [301 Redirect] --> http://www.facebook.com/OurOrganization --> [302 Redirect] --> https://www.facebook.com/OurOrganization

I tried turning up the debug traffic out of squid using "debug_options ALL,6" but I can't narrow anything down in /var/log/access.log and /var/log/cache.log. I know to issue "squid -k reconfigure" whenever I make changes to any files.

© Server Fault or respective owner
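
The following is an added example, not part of the original post: a small Python model of the three http_access lines above, run over the redirect chain the post quotes. It assumes Squid is not decrypting HTTPS, so the https:// step reaches the proxy as a CONNECT request for host:port with no path; the client address and the `squid_view` and `http_access` helper names are constructed for the illustration.

```python
import ipaddress
import re

# Patterns copied from the files shown in the post (elided entries left out).
# Assumption: Python's re behaves like Squid's regex for these simple patterns.
BLOCKED = [r".porn_site.com", r".porn_site_2.com", r"facebook.com"]   # dst_dom_regex
WHITELIST = [                                                          # url_regex
    r"facebook.com/pages/Our-Organization/2828242522",
    r"facebook.com/OurOrganization",
    r"facebook.com/media/set/",
    r"facebook.com/photo.php",
    r"www.facebook.com/OurOrganization",
]
LOCAL_NET = ipaddress.ip_network("192.168.0.0/16")                     # acl local_c


def squid_view(method, url):
    """Return (url, host) as the proxy sees them for this request."""
    if method == "CONNECT":
        # The tunnel request carries only host:port; the path is inside TLS.
        return url, url.rsplit(":", 1)[0]
    host = re.sub(r"^[a-z]+://", "", url).split("/", 1)[0]
    return url, host


def http_access(client_ip, method, url):
    """Evaluate the post's three http_access lines; first match wins."""
    seen_url, host = squid_view(method, url)
    local_c = ipaddress.ip_address(client_ip) in LOCAL_NET
    whitelist = any(re.search(p, seen_url) for p in WHITELIST)
    blocked = any(re.search(p, host) for p in BLOCKED)
    if local_c and whitelist:
        return "allow (line 1: whitelist)"
    if local_c and not blocked:
        return "allow (line 2: !blocked)"
    return "deny (line 3: deny all)"


# The redirect chain from the post; the client address is constructed.
CHAIN = [
    ("GET", "http://facebook.com/OurOrganization"),
    ("GET", "http://www.facebook.com/OurOrganization"),
    ("CONNECT", "www.facebook.com:443"),   # https://www.facebook.com/OurOrganization
]

if __name__ == "__main__":
    for method, url in CHAIN:
        print(f"{method:8}{url:45}{http_access('192.168.1.20', method, url)}")
```

Under that assumption the two plain-HTTP hops are allowed by the whitelist, while the final CONNECT has no path for any url_regex entry to match and is caught by the facebook.com entry in blocked_content, which is consistent with the 403 and ERR_TUNNEL_CONNECTION_FAILED errors reported.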
