Re: How to create exception to web filtering rule
You can create two different web filter profiles: one called Facebook-Allow and one called Facebook-Block. Create an address group with the users allowed to view Facebook. Create a policy restricted to the allowed address group and apply the Facebook-Allow profile. Create another policy for all users and select the Facebook-Block profile. Make sure that the policy with Facebook-Allow is listed prior to the Facebook-Block policy.
You may need to first enable the option to create multiple security profiles by going to System > Config > Features, selecting Show More, and turning on Multiple Security Profiles.