URI-based Blocking vs. IP-based Ban in iRules
I’m currently working on a security implementation using F5 BIG-IP iRules to mitigate malicious activity targeting a specific URI, /contact-us, on our web application. I’m debating the best approach regarding scope and impact, and I would love to hear your insights or "lessons learned" from your own deployments.

We are protecting a specific endpoint from anomalous requests (potential injection/brute-force attempts). My primary goal is to ensure the security of this endpoint without causing unnecessary disruption to legitimate users or creating management overhead.

When we detect an anomaly, should we stick to URI-level blocking (dropping/rejecting only that specific request) or move to IP-based banning (adding the source IP to a table for a set duration)? What are your recommended strategies for handling false positives when using iRules?