That’s not going to stop the spammer, IMHO.
Spmmers don’t even use your comment form. They ‘scrape’ the form (maybe, not required), and ‘post’ via a CURL process that sends the form fields. They don’t even have to visit your site – all they need for a comment post is the post ID. And that can easily be guessed or ‘scraped’ – they just need to ‘request’ your page and grab the first post ID value they find. Or use a random number.
So looking for a valid access to the post page as a way to block spammers won’t work for the automated bots that are spamming your comment form.
The ‘wp-comments-post.php’ core code is not ‘built’ to allow you to intercept any spam-bot attempts at sending you comment spam. A deficiency in the core code, IMHO.
The only way that is somewhat effective is to enable Akismet to sense comment code. But even that is not effective.
I’ve built code that can be used for contact forms that effectively block spambots (see https://www.FormSpammerTrap.com – it’s free). But I haven’t found a way to effectively block comment spam bots from directly posting to wp-comments-post.php . That would require a rewrite of that core file with a replacement. And then you’d have to block direct access to wp-comments-post.php .
So, my only option has been to enable Akismet, let it throw away all spam that it finds. But, that is not totally effective.
This is not a full answer to your question. But I don’t know of any process that will totally block bot-based comment spam. (Even changing the htaccess to look for a referring page won’t help — spam bots will just ‘fake’ the referring page value in their POST.)