I would wonder what a rule trace would show you. I don't think this is related to regex changing as you arent using any
I believe this issue is likely related to the fact that this is an HTTPS URL and the MWG is blocking the request *before* we know the real URL.
Think of SSL/TLS as happening in 2 steps:
1. Client requests to CONNECT to www.facebook.com to create tunnel
2. Client has SSL/TLS tunnel established to www.facebook.com, and requests https://www.facebook.com/blahblahblah
I think that MWG is likley blocking the client when it sees #1.
For more information see the following best practice:
100% match. I was not aware about that detail and I guess facebook used to use just plain http in the past while these guys decided to move to https in the recent past.
The best practice document is just great, should be part of the product documentation!