Block subdomain but allow some people to access

Hi
I want to block my subdomain, like API.mysite.com for everyone, EXCEPT list of IP addresses who allowed to access. Only developers should see swagger, not the whole world.

I tried to use Zone Lockdown feature.

  • added some name
  • then specified URL: api.dev.mysite.com
  • then added my own IP to see it I can still have access.

Clicked “Save”. Zone Lockdown Rule is active. I can access from my IP.
Then I turned on VPN and switch IP to another country. I can still access the website, and anyone can

So, Zone lockdown doesn’t work?

How else can I achieve the same?

I tried to set up Firewall rule, but failed.

my expression is
(http.request.uri.path contains “api.dev.mysite.com” and ip.src eq 1.29.75.181)

but then I stuck. How can I express what IP 1.1.1.1 and 2.2.2.2 Allowed to access “api.dev.mysite.com” but anyone else is not allowed? I can only clock one or two IP, but do not understand “how to block all except some IP”

Firewall Rule:
(http.host eq “api.example.com” and not ip.src in {12.12.12.12 23.23.23.23 34.34.34.34})

Block

1 Like

Thank you!!!

I tried to used URI and that did not work

But “host” worked.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.