How best to deny POST to / route in nginx when using * => www.domain.tld SEO redirect

An endless array of bots is POSTing to the / route on one of my servers. The setup is nginx with PHP.

This solves the problem (for the most part):

Code:

location = / {
   limit_except GET {
     deny  all;
   }
}

The only shortcoming is that POST (and other) requests to the non-www version of the site are subjected to a 301 (permanent) redirect prior to being denied via such a rule. This seems wasteful, because it results in a second request being made to the server, thereby compounding the problem.

A more complete example follows, to demonstrate the nginx rules that ISPConfig introduces to implement the SEO redirect:

Code:

server {
   server_name example.com *.example.com;

   root  /var/www/example.com/web/;

   if ($http_host != "www.example.com") {
     rewrite ^ $scheme://www.example.com$request_uri? permanent;
   }
 
  location = / {
     limit_except GET {
       deny  all;
     }
   }
}

What is the best means by which to modify the configuration such that requests to the / route on the non-www version of the site are denied prior to the redirect being followed?

According to https://blog.martinfjordvald.com/2012/08/understanding-the-nginx-configuration-inheritance-model/ , the directives are processed in the following order:

• Global.
• Http.
• Server.
• If.
• Location.
  • Nested Location.
  • If in location.
  • limit_except.

Is it even possible to employ a "location" directive when using "if" like this?

Code:

   if ($http_host != "www.example.com") {
     rewrite ^ $scheme://www.example.com$request_uri? permanent;
   }

Surely, there is a variation of this configuration that will have the intended effect. I'm all ears, even if it can't be done directly through ISPConfig's interface.

Thanks in advance!