We have a public production (www.xxxtransitcard .com) and test website (testwww.xxxtransitcard .com) managed by Cloudflare with a few WAP rules that restrict access to the test site via a public IP list. We are now trying to introduce two new subsite WAP rules (testapi.xxxtransitcard .com) to only allow traffic from a public IP list AND to a specific URL (testapi.xxxtransitcard .com/v1/API/Cardholders).
When creating the rules, the logic either does not work fully, OR takes down everything under the xxxtransitcard .com domain.
Need some assistance creating the logic inside of WAP.