There are a few cases where the firewall does not audit something. Very few. We would have to look at the whole audit stream to be sure that it is not actually auditing something here.
If you're at v8 you can put the HTTP proxy into debug mode and collect audit again. Sometimes that will show us an error we could not see before.
$> cf agent mod name='HTTP Proxy' debug_level=6
- Collect audit
- Turn the debug off:
$> cf agent mod name='HTTP Proxy' debug_level=0