Unable to block host lookup by Amazon FireTV devices

Expected Behaviour:

I have two older FireTV devices (circa 2018?). These devices are constantly accessing the host "trace-server.prod-clustered.bugs.firebat.prime-video.amazon.dev". I'm trying to block this access using the rules below:

I'm running on a Raspberry Pi 3 w/ 1 Gig RAM, 24 Gig free on SD card, Raspbian, connected both wired and wireless. The device is dedicated to Pi-hole, running versions: Pi-hole [v5.18.2], FTL [v5.25.1], Web Interface [v5.21]. Other than this issue, everything else seems to me to be working fine. The issue was present prior to the most recent Pi-hole updates.

Actual Behaviour:

The DNS lookups are being allowed and the devices appear to be successfully accessing the host.

Thanks in advance for any help!

It sounds like there may be a whitelist entry which is taking priority. What does this command tell you, run from the Pi-hole's command line?

pihole -q -exact trace-server.prod-clustered.bugs.firebat.prime-video.amazon.dev

While you're there, can you also please create a debug log and post the token URL here.

pihole -d

Thanks for responding, chrislph. Below is the info you requested. To my knowledge, I don't have any whitelists, but I'm new to the product so it's possible I do and just don't realize it.

pihole -q -exact trace-server.prod-clustered.bugs.firebat.prime-video.amazon.dev
 Exact match found in exact blacklist
   trace-server.prod-clustered.bugs.firebat.prime-video.amazon.dev
 Exact match found in regex blacklist
   (\.|^)amazon\.dev$
   (\.|^)trace-server\.prod-clustered\.bugs\.firebat\.prime-video\.amazon\.dev$
   .\.amazon\.dev
   trace-server\.prod-clustered\.bugs\.firebat\.prime-video\.amazon\.dev

The requested token: https://tricorder.pi-hole.net/enXqy1IF/

Thanks, that first command shows that there are no whitelist entries taking priority after all, which is good.

The debug log shows the problem. You have assigned the blacklist entries to a dedicated Group for Amazon advertising URLs, but there are no clients in that group. You do have a couple of Clients added, but they are both in the Default Group. Therefore those blacklist entries are not being applied.

To fix that, do one of the following. Either,

Delete the Amazon advertising URLs Group and just add the blacklist URLs to the normal Default Group. This is the default when you add any new rules. Use the Comment box to mention that they are Amazon advertising URLs if you want. Since there are only a few entries, this is probably easiest. It means the rules will apply network-wide without any further work needed.

or,

Keep them in their own dedicated group as they are now. Then in Clients make sure that all the clients, where you want these rules to apply, are added. Then use the dropdown and ensure that the clients are in BOTH the Default group and your Amazon URLs group.

With that done, those clients should now see the domain blocked, because they are in both groups, so they have both the Default blocking plus the Amazon URLs blocking. This approach gives more control, especially if you are adding more domains later, but it means you have to ensure that each client affected is in Clients and in the Amazon URLs group too.

Note that since your rules appear to want to do a wildcard for amazon.dev, you can achieve this by going to Domains > Domain > enter amazon.dev > Add domain as wildcard > Add to Blacklist.

This wildcard will cover that long domain plus any other amazon.dev domain. So you could then delete the other blacklist rules and just use this one. And since it's just one rule, that makes that first method the easier one, so you could delete the Amazon URLs group and just stick to Default.

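The check behind the diagnosis above, as an added example that is not part of the thread or Pi-hole's own code: it lists enabled blacklist rules that no client can reach because of their group assignment. The tables are a constructed miniature of the group tables in Pi-hole v5's gravity.db, and the client IPs and ads.example.com are constructed sample values.

```python
import sqlite3

# Constructed miniature of the group tables in Pi-hole v5's gravity.db
# (assumption: only the columns this check needs are reproduced).
SCHEMA = """
CREATE TABLE "group" (id INTEGER PRIMARY KEY, enabled INTEGER, name TEXT);
CREATE TABLE domainlist (id INTEGER PRIMARY KEY, type INTEGER, domain TEXT, enabled INTEGER);
CREATE TABLE client (id INTEGER PRIMARY KEY, ip TEXT);
CREATE TABLE domainlist_by_group (domainlist_id INTEGER, group_id INTEGER);
CREATE TABLE client_by_group (client_id INTEGER, group_id INTEGER);
"""

# Enabled blacklist rules (type 1 = exact, 3 = regex) that no client can hit:
# every group they belong to is disabled, or is a non-Default group with no
# clients. Group 0 (Default) always counts as populated, because clients not
# listed under Clients are handled by it.
DEAD_RULES = """
SELECT d.domain FROM domainlist d
WHERE d.enabled = 1 AND d.type IN (1, 3)
  AND NOT EXISTS (
    SELECT 1 FROM domainlist_by_group dg
    JOIN "group" g ON g.id = dg.group_id AND g.enabled = 1
    WHERE dg.domainlist_id = d.id
      AND (g.id = 0 OR EXISTS (
           SELECT 1 FROM client_by_group cg WHERE cg.group_id = g.id)))
ORDER BY d.id
"""

HOST = "trace-server.prod-clustered.bugs.firebat.prime-video.amazon.dev"

def sample_db():
    """State described in the thread: rules in a dedicated group, clients only in Default."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany('INSERT INTO "group" VALUES (?, 1, ?)',
                   [(0, "Default"), (1, "Amazon advertising URLs")])
    db.executemany("INSERT INTO domainlist VALUES (?, ?, ?, 1)",
                   [(1, 1, HOST), (2, 3, r"(\.|^)amazon\.dev$"), (3, 1, "ads.example.com")])
    db.executemany("INSERT INTO domainlist_by_group VALUES (?, ?)", [(1, 1), (2, 1), (3, 0)])
    db.executemany("INSERT INTO client VALUES (?, ?)", [(1, "192.0.2.10"), (2, "192.0.2.11")])
    db.executemany("INSERT INTO client_by_group VALUES (?, 0)", [(1,), (2,)])
    return db

def dead_rules(db):
    return [row[0] for row in db.execute(DEAD_RULES)]

def add_clients_to_group(db, group_id):
    """Second fix from the answer: put every client in the dedicated group too."""
    db.execute("INSERT INTO client_by_group SELECT id, ? FROM client", (group_id,))
```

Calling `dead_rules(sample_db())` returns the two Amazon rules and not the Default-group rule; after `add_clients_to_group(db, 1)` it returns an empty list.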

I appreciate you looking into this so quickly and providing a detailed answer. Give me a bit of time to digest your response and implement your suggestions. I'll chime back in when done.

Thanks!

A most excellent response! Thank you very much. I ended up creating the amazon.dev regex in the Default group as you suggested and got rid of everything else. Works like a charm, and on top of that I learned about groups. Again, thanks!
