What's the alternative? Abusive traffic is the norm rather then an exception. This gets into the same argument when people say they don't need a CDN; it's a relic from when bad actors were rare.
If all I'm doing is requesting an HTML page, why do they have to send me a CAPTCHA? I understand that my request is coming from an IP belonging to a VPN and maybe someone used the same IP nefariously, but I doubt they requested the same page I have.
You can knock over a server with malicious requests of static content. In fact, what you are describing (requesting different pages) is the first step to trying to defeat a firewall rule that would protect against that attack.
This is the era after the invention of Low Orbit Ion Cannon. Attacks that would previously have been technically sophisticated can now be done with a few GitHub downloads and either many volunteers or many compromised machines.
