I have a REST webservice protected/exposed through UTM WAF. The webservice URL is sometimes called with empty parameters, however WAF seems to "optimize" the URL and consolidate the empty parameters, for example the original call
is stripped to
The same webservice exposed through my old TMG Server works flawless and receives empty param2 and 3 for example in the above call.
I tried to disable URL hardening, disable filtering, disable all threat filter categories however with no success.
Any idea how to tell the UTM to leave my URL alone ?