WAF Rules on Subdomain only and whitelist Sucuri

I have a site on a subdomain that I need all traffic block but one url refferer:

Main domain: domain123.com
Subdomain: exclusive.domain123.com
allowlisted traffic: *.vipusers.com

So only traffic coming from *.vipusers.com can access the exclusive.domain123.com website. And the main domain is untouched by theses rules, open to the public.

One more thing, I run Sucuri Firewall and it doesn’t work when I try to add these rules.

Any idea on how to set this up properly?

Hi @mario11

If *.vipusers.com is seen in the referrer, then you can create a custom firewall rule where you choose the following expressions

Host equals exclusive.domain123.com
referrer does not contain vipusers.com