A POST will generally have a payload that you need to worry about, but it will also have a URI. So your mitigation a are dependent on the injection point. An example POST request:
POST /foo/bar/test.exe HTTP/1.1
Host: www.example.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla...
username=foo&password=bar&execute=test.exe
So you could still look at the URI in a POST request, but then you can also look at the payload, which would require a collection. If I had to guess, I would assume your application predominantly uses GETs, so the overhead of collecting on POSTs, and potentially a subset of POSTs based on some trigger URIs, wouldn't be too overwhelming.