Securing a webapp with a WAF - single URI

Any security experts out there?

I’m building a multi-screen Dash app with several different forms, which results in sending out different schemas being POSTed to the backend.

However looks like Dash is using a single endpoint for all backend calls - regardless of the originating form:

self._add_url("_dash-update-component**", self.dispatch, [“POST”])**

My company uses a WAF product for securing backends for webapps.

The single URI kind of makes thins messy with the WAF, as if I were to create a security policy for the Dash app that understands just the JSON schemas that I need for certain screen sending form data, I’m being forced to declare fields that are valid only for other screens.

Is there anything that I can do to provide finer control over the backend calls and how to differenciate them to different policies?

Thanks in advance