- The Proxy Policy configurations successfully block the specific file types from uploading to most of the websites.
config firewall policy
edit 6
set type explicit-web
set uuid f7642bde-dba3-51f0-1171-c31a19d81026
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "webproxy"
set explicit-web-proxy "web-proxy"
set utm-status enable
set logtraffic all
set profile-protocol-options "Clone of default"
set ssl-ssh-profile "SSL Deep Inspection"
set webfilter-profile "g-default"
set dlp-profile "Block"
next
end config dlp profile
edit "Block"
config rule
edit 1
set name "BlockUpload"
set proto http-post
set file-type 1
set action block
next
end
next
end config dlp filepattern --> Microsoft Word and Excel.
edit 1
set name "builtin-patterns"
config entries
edit "msoffice"
set filter-type type
set file-type msoffice
next
edit "msofficex"
set filter-type type
set file-type msofficex
next
edit "*.doc"
next
edit "*.docx"
next
edit "*.xlsl"
next
end
next
end -
The reason why file uploading slips through when uploading a file to Google Translate, there is that Google Translate does Base64-encode document content as part of the upload process and sends over POST requests to Google Translate APIs. Furthermore, embedded inside JSON payloads. connection": "8080",
"request": {
"method": "POST",
"url": "https://translate.google.com.my/_/TranslateWebserverUi/data/batchexecute?rpcids= LBEnTe&source-path=%2F&f.sid=-5914947044029896701&bl=boq_translate-webserver_20260107.05_ p0&hl=en-US&soc-app=1&soc-platform=1&soc-device=1&_reqid=357565&rt=c ",
"httpVersion": "http/2.0", "size": 19204,
"mimeType": "application/json",
"text": ")]}'\n\n19108\n[[\"wrb.fr\",\"LBEnTe\",\"[[\\\"UEsDBAoAAAAIAHs/ LFyPRp33AAkAADZiAAARAAAAd29yZC9kb2N1bWVudC54bWztXd1S4zoSvj9P0eXa3SuTyI5/kuxkTgUIDANhUglbe7ml2 Iqtgy15ZRmTvTrvsFd7t8+yj3KeZEu2ExJghjDMH5oUVWDLVltS99etbrXEm19v0wRuiMgpZwPDaiEDCAt4SFk0MP52d XLQNSCXmIU44YwMjCXJjV/f/vKm7Ic8KFLCJNymCcv7ZRYMjFjKrN9u50FMUpy3UhoInvOFbAU8bfPFggakXXIRtm1 koeoqEzwgeU5ZdIT -
Alternatively, the upload can be blocked using the proxy address. - Create two proxy addresses as follows via CLI commands:
config firewall proxy-address edit "GoogleTranslateDocument"
set type header
set host "all"
set header-name "x-goog-ext-387202953-jspb"
set header "/DataService.GetDocumentTranslation"
next
end edit "GoogleTranslateImage"
set type header
set host "all"
set header-name "x-goog-ext-387202953-jspb"
set header "/DataService.GetImageTranslation"
next
end Note: Google frequently updates its HTTP requests protocol/headers. The above HTTP request headers were tested based on January/February 2026. -
Create FQDN objects. config firewall address
edit "translate.google.com"
set type fqdn
set fqdn "translate.google.com"
next
end edit "translate.google.com.my"
set type fqdn
set fqdn "translate.google.com.my"
next
end Note: There are well-known Google Translate domain variants, such as the examples below. It is required to create more fqdn objects for each variant: -
Create a proxy policy as per the attached and make sure it is placed at the top. 
-
The browser debug (developer tools) shown specify HTTP headers are being denied and forward traffic log as well. 
This method will block all uploads to Google Translate. | 
