-1

I was asked to block Facebook access from 8:00am to 3:00pm for almost all users, but they are bypassing the currently defined rules to access the social network anyway. This is consuming a lot of our low bandwidth and we can't even work. I decided to design a regular expression (regex) to parse these URLs and block them. I don't want to block all Facebook URLs, only the alternative ones. Alternative Facebook URLs mostly contain the words prod or iphone. The following are alternative Facebook URLs registered by our proxy server:

m.iphone.touch.prod.facebook.com
m.iphone.haid.prod.facebook.com:443
m.ct.prod.facebook.com
m.vi-vn.prod.facebook.com

The designed regex: /((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)/

I tested this regex on https://regex101.com/ and https://www.regextester.com. The regex matches:

m.iphone.touch.prod.facebook.com
m.iphone.haid.prod.facebook.com:443
m.ct.prod.facebook.com
m.vi-vn.prod.facebook.com

And does not match:

www.facebook.com
m.facebook.com
mqtt.facebook.com (for purple-facebook)
graph.facebook.com
connect.facebook.com
3-edge-chat.facebook.com

So far this is what I wanted: alternative URLs blocked and regular Facebook URLs allowed. My regex looks good to be used in squid.

The next step is to modify the file /etc/squid3/squid.conf by adding a new acl pointing to the file that contains the regex:

acl facebook dstdom_regex "/etc/squid3/acl/facebook" //The file contains the regex
http_access deny pass facebook

When I run squid3 -k parse to check the configuration file, I get these errors:

2017/09/22 11:12:26| Processing: acl facebook dstdom_regex "/etc/squid3/acl/facebook"
2017/09/22 11:12:26| squid.conf line 78: acl facebook dstdom_regex "/etc/squid3/acl/facebook"
2017/09/22 11:12:26| aclParseRegexList: Invalid regular expression '((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)': Invalid preceding regular expression
2017/09/22 12:39:33| Warning: empty ACL: acl facebook dstdom_regex "/etc/squid3/acl/facebook"

Obviously, the squid3 parser is tagging my acl as wrong, but I already tested it online and it was good to use. It also says the acl is empty. What does that mean? The acl was declared with the name facebook. I am very confused by this.

ppdmartell

1 Answer

0

The problem was in the regex I was using. I changed the regex to this one: \b(iphone|prod)\b.*\.facebook\.com and now squid is stopping the URLs. After running squid3 -k parse, squid says there is no problem, and if a user tries to access an alternative Facebook link such as (for instance) test.prod.facebook.com, the proxy refuses the connection.

ppdmartell
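Added example, not part of the original posts: the "Invalid preceding regular expression" message is what POSIX regcomp() reports for (?=...), because lookaheads are a PCRE feature that online testers accept and POSIX extended syntax does not. The C program below compiles both patterns from this page with regcomp() and runs the working one over the host names from the question; the function names ere_check and ere_match are made up here, and the flag set REG_EXTENDED | REG_NOSUB is an assumption about how Squid compiles dstdom_regex patterns.

```c
#include <regex.h>
#include <stdio.h>

/* Assumed to mirror Squid's compile flags for dstdom_regex without -i. */
#define ERE_FLAGS (REG_EXTENDED | REG_NOSUB)

/* Patterns copied from the question and the answer. \b is not POSIX;
 * it works because glibc (and musl) accept it as an extension. */
const char *ORIGINAL =
    "((?=.*\\biphone\\b)|(?=.*\\bprod\\b)).*\\.facebook\\.com(\\:|\\d|)";
const char *FIXED = "\\b(iphone|prod)\\b.*\\.facebook\\.com";

/* Returns regcomp()'s code (0 = pattern accepted). If err is non-NULL,
 * the library's error text is copied into it on failure. */
int ere_check(const char *pattern, char *err, size_t errlen)
{
    regex_t re;
    int rc = regcomp(&re, pattern, ERE_FLAGS);
    if (rc != 0) {
        if (err != NULL)
            regerror(rc, &re, err, errlen);
        return rc;
    }
    regfree(&re);
    return 0;
}

/* 1 = host matches (would be denied), 0 = no match, -1 = bad pattern. */
int ere_match(const char *pattern, const char *host)
{
    regex_t re;
    if (regcomp(&re, pattern, ERE_FLAGS) != 0)
        return -1;
    int rc = regexec(&re, host, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    /* Host names taken from the lists in the question. */
    const char *hosts[] = { "m.iphone.touch.prod.facebook.com",
        "m.ct.prod.facebook.com", "m.vi-vn.prod.facebook.com",
        "www.facebook.com", "m.facebook.com", "graph.facebook.com" };
    char err[128];
    if (ere_check(ORIGINAL, err, sizeof err) != 0)
        printf("original pattern rejected: %s\n", err);
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-34s %s\n", hosts[i],
               ere_match(FIXED, hosts[i]) == 1 ? "DENY" : "allow");
    return 0;
}
```

Checking a pattern this way before editing the ACL file catches syntax that squid3 -k parse would reject, and shows which logged host names the deny rule will actually hit.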