They also can be circumvented by attackers who are able to use a proxy or VPN to hide their IP address. And WAFs arent good at detecting anomalies in traffic patterns that could indicate an attacker is trying to probe for vulnerabilities
https://t.co/wPhHcOwDe3