OK, so I need to look back at 2.2
On my side, I confirm that is you hack squid.conf adding deny_info, Zentyal does display custom error page of your choice.
For the time being, I did some dirty but quick hack directly in /usr/share/zentyal/stubs/squid
deny_info ERR_LIST shalllist~dc~socialnet~dom
deny_info ERR_LIST shalllist~dc~socialnet~urls
then I added custom page (ERR_LIST) in /usr/share/squid3/errors/templates/
restarted Squid and when I try to access facebook, my customized error page is displayed.
So if you do it manually, this is really painful but as squid.conf is built when HTTP proxy start, with some development skill (that I don't have even spending hours at this
) you can generate squid conf that will, like building ACL, add the deny_info directive.
Next step is to point to the right custom page pragmatically but this should not be an issue.