I want to block my subdomain, like API.mysite.com for everyone, EXCEPT list of IP addresses who allowed to access. Only developers should see swagger, not the whole world.
I tried to use Zone Lockdown feature.
- added some name
- then specified URL: api.dev.mysite.com
- then added my own IP to see it I can still have access.
Clicked “Save”. Zone Lockdown Rule is active. I can access from my IP.
Then I turned on VPN and switch IP to another country. I can still access the website, and anyone can
So, Zone lockdown doesn’t work?
How else can I achieve the same?
I tried to set up Firewall rule, but failed.
my expression is
(http.request.uri.path contains “api.dev.mysite.com” and ip.src eq 188.8.131.52)
but then I stuck. How can I express what IP 184.108.40.206 and 220.127.116.11 Allowed to access “api.dev.mysite.com” but anyone else is not allowed? I can only clock one or two IP, but do not understand “how to block all except some IP”