From the Security Speciality certification course, I understand that WAF sits between our customers and our resources by analyzing the application traffic and block the traffic that matches the web ACL. We all know that the data is encrypted end to end (HTTPS) how will the WAF be able to analyze the data before SSL offloading? if the data is analyzed after the SSL offloading (example after the reqyuest reaches the ALB and SSL offloading takes place at ALB, then does this WAF analyzes the data?), if yes, the our resources like ALB and CloudFront are still prone to attack right? Can anyone please help me with this?