Azure FrontDoor WAF does not filter PUT requests
Hello, I'm trying to use Azure FrontDoor WAF with some web applications, but I noticed that default WAF rules do not filter PUT requests.
I have tried to use some common XSS and SQL injection code into PUT requests, but WAF does not block anything by default. For GET and POST requests WAF rules work fine.
In Azure FrontDoor WAF I have the following managed rule set included: Microsoft_DefaultRuleSet_1.1 with all rules in the enabled state with action block. I have also tried using FrontDoor Premium with Microsoft_DefaultRuleSet_2.0, but the result is the same, PUT requests were not filtered.
The same PUT requests were filtered and blocked while using the Azure Application Gateway with OWASP 3.0 ruleset.
Is this normal behavior for Azure FrontDoor WAF? Is there any way to filter PUT requests using WAF on FrontDoor without writing custom rules?