The tweet mentions that there was a misaligned expectation of what the WAF would do, rather than an actual WAF bypass. It highlights the importance of understanding the capabilities and limitations of a WAF. It serves as a reminder for organizations to have a clear understanding of their security measures and not rely solely on WAFs for protection against all threats.
For more details, check out the original tweet here: https://twitter.com/0xdabbad00/status/1820514177225789930