Based on the rule traces, you're not actually performing SSL scanning. So blocking anything on HTTPS isn't likely to work (if you're trying to look inside the tunnel -- which you are).
In the screenshot, you have the "SSL Scanner" ruleset on, but.... you or someone changed the rules which in effect neuter the SSL scanner.
There is a rule called "Set Client Context", the action in your rules is set to "Stop Ruleset". This needs to be Continue (this is what it is by default).
You or whoever may have done this for some reason or another, but it doesnt really matter because it disabled SSL Scanner.
Thanks for your help. It does the trick. Previously my colleague did the configuration and after he resign I continue what was done. Anyway, it seems web gateway can block almost all attachment on Dropbox but for webmail outlook, not even 1 mime type were success to block from being upload. Do you have any workaround for this?
When you ran a rule trace, what did it show you?
If I had to guess, there are probably some upstream whitelisting of the outlook or microsoft servers that are taking precedence over the blocking rules.