1) Try this in you config
set security flow traceoptions file flowtrace size 5 files 2
set security flow traceoptions flag basic-dtapath
set security packet-filter my_filter source-prefix <source-ip>
commit
Then try to browse and look in the output from the trace with show log flowtrace to see what's going on.
when you're ready: rollback 1 to disble the tracing
2) In the IDP module you can do application recognition en set the block action
3) set logiing to your policy and review in the rtlogd log file.
To enable loging set log session-close on the permit level of the policy (then log session-close)
To view the log: show log rtlogd