Restrict access to tunnel by IP

hi i setup a tunnel to have access to my app host in my local server but when i tried to create an app and add my pblic ip in the policy with bypass to have access to this subdomain only in certain location i have a message that says it’s forbidden and i don’t have access.