Hi,
Can you please analyze the incidents and let me know if you see the data has been transferred via HTTPS or HTTP?
If you see the data has been transferred via HTTPS, then there is no problem; all you have to do is have the filter applied to the HTTPS box as well.
Refer to this example:
-,10.6.232.115/32,*;-,10.0.0.0/8,*;-,132.180.8.41/32,*;-,172.16.4.30/32,*;+,*,*
It works perfectly in my environment :)