Need Assistance Setting up WAP Rules to Limit Traffic to Certain URLs

We have a public production (www.xxxtransitcard .com) and test website (testwww.xxxtransitcard .com) managed by Cloudflare with a few WAP rules that restrict access to the test site via a public IP list. We are now trying to introduce two new subsite WAP rules (testapi.xxxtransitcard .com) to only allow traffic from a public IP list AND to a specific URL (testapi.xxxtransitcard .com/v1/API/Cardholders).
When creating the rules, the logic either does not work fully, OR takes down everything under the xxxtransitcard .com domain.

Need some assistance creating the logic inside of WAP.

WAF (Web Access Firewall) is what I meant to type.

1 Like