AWS WAF has the same limitation. It’s a trade-off between being able to be useful enough in a pinch while keeping the added latency low enough to not have an impact.
Whether that’s a good trade-off I’m not sure. Folks know this is a thing so if someone really wants to get past it they will. But it’s proven effective enough at neutralising a lot of bots and other annoying traffic whenever I’ve resorted to using it.
Whether that’s a good trade-off I’m not sure. Folks know this is a thing so if someone really wants to get past it they will. But it’s proven effective enough at neutralising a lot of bots and other annoying traffic whenever I’ve resorted to using it.