This tweet talks about limitations of a certain WAF bypass method in context of Cloudflare WAF. It says the method respects robots.txt and is subject to challenges and WAF protections. Because of these, it won't bypass anything even if the site is behind Cloudflare WAF. In simple terms, this means the bypass method is not effective or reliable enough to avoid detection or filtering by Cloudflare WAF or similar protections. The method also pays attention to robots.txt, which may indicate it avoids crawling or attacking disallowed areas, reducing chances for exploitation. Overall, this highlights that certain WAF protections like Cloudflare's remain strong against some bypass attempts, especially those that do not aggressively evade challenges or ignore robots.txt rules.
Original tweet: https://twitter.com/_ashleypeacock/status/2031735883334922442