You only need the rule to be in the direction that the TCP session is initiated, number 1 in your case.
But I don't think your whitelist URL filter will work. My recollection is that there is no SSL decryption on this platform, so we cannot read the URL to do the match. Your only option with SSL traffic is IP-address-based blocking in the firewall rule destination addresses for encrypted flows.