But in many cases a server operator doesn't expect any legitimate traffic from that half of the internet, or is willing to block traffic from it.
For example, there's generally no reason a customer would use their internet banking app with traffic routed via a datacentre other than for the reason you proposed (masking their IP address), so if the bank wants to prevent people doing that then blocking all data centre traffic is an effective way of doing it.
That's why I explicitly wrote: "for stuff that should only be done by legitimate users".
That means Netflix et al can (and do) ban everything that even remotely smells like a datacenter IP range and not a residential one, because that is a common method of evading regional bans or undermine pricing structure.
And on top of that... if the focus of your website is humans, you might want to cut off all datacenter originating traffic as well. Save yourself the hassle of dealing with AI scrapers.
