This tweet implies a universal WAF bypass where the type of domain (origin IP or WAF) does not matter as long as the bypass is successful. This highlights a critical security issue that affects various WAF vendors. It is essential to address such bypass techniques to enhance WAF security against different vulnerabilities.
Original tweet: