The article Protect Web Sites & Services Using Rate-Based Rules for AWS WAF discusses how to define a Rate-based Rule to control when IP addresses are added to and removed from a blacklist.
Are these rate limits evaluated globally, across all CloudFront edges that have WAF deployed, or are they evaluated locally, in each edge location individually?