WAF rules / managed challenge for POST pages

I’m trying to set up a managed challenge to replace a CAPTCHA for a contact form on my website.

I’ve set up a WAF Rule as follows:

URI path contains “/contact” and
Threat Score greater than or Equal to “0”

This works for my contact form at https://example.com/contact, but it seems some bots have already stored the form submit URL of https://example.com/wp-json/contact… and are sending new POST requests to that address to submit the form.

Do WAF Rules/managed challenges work for POST pages? If not, what would be the best option for protecting:

POST https://example.com/wp-json/contact


