Either I really don't understand what you are trying to achieve or my guess is correct and you are wrong with your approach. Let me explain:
Using a proxy can be done in either transparent or explicit mode.
In transparent mode, the browser (and the user) is not aware of any proxy in the middle, as this feature relies on a network redirect. Because of this, authenticating is not an option.
In explicit mode, you have to configure your browser to use the proxy explicitly, or use an auto-discovery mode like WPAD.
Back to transparent mode (although it doesn't match your requirement, which is to apply profiling to some users): do not bother inventing rules like a redirect at FW level. You can do it very easily by selecting "transparent" mode in the HTTP proxy section.
Last but not least, do you mean that saving changes doesn't apply rules? I almost never reboot my server although I do change FW rules from time to time...