Hello,

Our website also has a mobile application.

The mobile application draws the contents from the subdomain with the help of API.

I want to create a new rule.

My goal is to block bots from outside our country.

i can do this with country restriction rule.

However, after doing this, the user visiting the mobile application from a different country cannot access all the features. pictures not opening etc.

this is actually true.

but my wish is just to protect my website for visitors from different country. In the mobile application, visitors from different countries should be able to move easily.

How can I do this?

If the subdomain is api.example.com, you can create a Firewall Rule that says

Hostname equals api.example.com AND
Country does not equal your country code

then block/challenge etc