I can tell you, in my opinion, and this actually always proves to be the best method, you can have 2 ordered layers, network layer with firewall blade ONLY and then application layer with urlf/appc blades enabled. Then, on appc/urlf ordered layer, block whatever has to be blocked and make sure last rule is any any allow. Obviously, last rule on network layer should be any any block (impicit clean up rule), but then you can create many inline layers and by default, those will have expicit clean up rules at the bottom.
Idea is that with ordered layers, traffic has to be accepted on every ordered layer. Im happy to show you this in my lab, where I have many ordered layers, plus https inspection enabled.
Hope that helps.
Andy