I have set a Security Level page rule for particular POST endpoints I have on my site, but after Cloudflare’s check, browsers are then redirected to the same page through GET, and the POST request isn’t delivered to the server.
Is there any way to change this, or perhaps a better way to protect POST endpoints?
You can use Firewall Rules for specific methods so could implement something for a POST there.
Alternatively you may be able to accomplish what you want via a Workers script (Scott Helme did a blog post on needing to redirect POSTs to a new URL a while back which you may be able to leverage).
Thanks for your recommendations. Unfortunately, I run into the same problem when setting a firewall rule. At the end of the check, it forwards to the same address using GET. Using a workers script isn’t really an option for me at the moment, either.