Hi Jose,
Thanks for posting.
I touched base with one of our awesome engineers on this one. (Kudos @Edwin Groothuis!)
The WAF gateway protects for programming based attacks (SQL Injections for example), for HTML based form data (XSS for example), for exploits and attacks (CVE's for example), but it does not inspect for the purpose of the content submitted ("Buy my penny stock" and "Click here for ..."). As such it does not do OCR on images uploaded to see if it contains that kind of text neither.
I hope this answers your question!
Thanks,
Sarah
------------------------------
Sarah Lamont
Digital Community Manager
------------------------------