What does NAT reflection have to do with redundancy? So you're saying your public FQDN points to a different IP if site A becomes unavailable? Your DNS changes to point to site B? If so, that might be an actual use case that makes sense to use a public IP.
But since your users are going local anyway, what is the likelihood that their local site is down and you would want them to go to some remote site? What if their internet is down and cannot even resolve the public DNS? In the case where you use split, your local users would still have access to the site you're hosting local, etc.
Set up your local DNS to direct to another site as well if it goes offline. Not that hard to do with a simple script to check and change the record.
As to a firewall rule: if you're on the local segment, you can put all the firewall rules you want into pfSense; it doesn't stop me from talking to the box that is on the same L2 as the user. What rules you are putting in place for WAN are not taken into account on a NAT reflection anyway. Now if you put your httpd on a segment different than your users' local, then sure, you can firewall segment A from segment B, and you're still not doing NAT reflection.
Your possible use of an FQDN that resolves public might be a possible valid use case, but without understanding the details, prob not. If users in site A cannot get to site A because it's down, you more than likely have a problem with site A that is prob either of higher priority than the site A service not being available to the public internet, or could also prevent them from getting to site B, etc.
If your failover detects that site A is down because it cannot get to it from the public internet because the public internet is down at site A, how do users know to go to this other site, or even get there, or resolve this public IP in the first place? So you're saying the local site has the public IP already; if so, how does it change to the failover site?
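
The "simple script to check and change the record" idea from the post, as an added example that is not part of the original post. It assumes the internal DNS server accepts RFC 2136 dynamic updates through `nsupdate`; the hostname, addresses and thresholds are placeholders.

```python
import socket

# Assumed placeholder values, not taken from the post.
FQDN = "www.example.com."
SITES = {"A": "10.1.0.10", "B": "10.2.0.10"}  # internal address per site
FAIL_THRESHOLD = 3  # consecutive failed checks before failing over to B
OK_THRESHOLD = 2    # consecutive good checks before failing back to A

def tcp_check(ip, port=443, timeout=3.0):
    """True if the service at the local site accepts a TCP connection."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def next_state(state, healthy):
    """state is (active_site, streak); streak counts checks arguing for a switch."""
    active, streak = state
    wants_switch = (active == "A") != healthy  # A and down, or B and A is back
    if not wants_switch:
        return (active, 0)
    streak += 1
    limit = FAIL_THRESHOLD if active == "A" else OK_THRESHOLD
    if streak >= limit:
        return ("B" if active == "A" else "A", 0)
    return (active, streak)

def nsupdate_script(fqdn, ip, ttl=30, server="127.0.0.1"):
    """Input for `nsupdate` that replaces the A record on the internal DNS."""
    return (f"server {server}\n"
            f"update delete {fqdn} A\n"
            f"update add {fqdn} {ttl} A {ip}\n"
            "send\n")

def replay(results, state=("A", 0)):
    """Feed site A health results in order; return the record changes issued."""
    changes = []
    for healthy in results:
        new = next_state(state, healthy)
        if new[0] != state[0]:
            changes.append(nsupdate_script(FQDN, SITES[new[0]]))
        state = new
    return changes

if __name__ == "__main__":
    # Constructed sample: one blip, a real outage, then recovery.
    sample = [True, False, False, True, False, False, False, True, True]
    for script in replay(sample):
        print(script)
    # Live use: call tcp_check(SITES["A"]) on a timer and pipe each script to nsupdate.
```

The consecutive-check thresholds keep a single dropped probe from flipping the record, and the short TTL limits how long clients cache the old answer.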