Look, any WAF that blocks a document like

    <!DOCTYPE html>
    <html lang="en">
    <body>
    <p>/etc/hosts is a file on Unix hosts</p>

is pretty clearly broken. And you can't meaningfully measure product metrics like impact for fundamentally broken products.