Allow traffic from IP addresses in allowlist only
This example blocks incoming requests from IP addresses that are not present in an allowlist (defined using an IP list).
- Create an IP list with the IP addresses for which you want to allow access.
  For example, create an IP list named allowed_ips with one or more IP addresses. For more information on the accepted IP address formats, refer to IP lists.
- Create a custom rule blocking any requests from IPs not present in the list you created (allowed_ips in the current example).
  - When incoming requests match:

    Field               Operator         Value
    IP Source Address   is not in list   allowed_ips

    If you are using the Expression Editor:
    (not ip.src in $allowed_ips)
  - Action: Block
- (Optional) Update your expression with any extra filters, like blocking non-allowlisted IPs only for specific URI paths:

  Field               Operator         Value
  IP Source Address   is not in list   allowed_ips
  And
  URI Path            wildcard         /admin/*

  If you are using the Expression Editor:
  (not ip.src in $allowed_ips and http.request.uri.path wildcard "/admin/*")
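
To check which requests the path-scoped rule would block before deploying it, the following Python model evaluates the expression locally; it is an added example, not Cloudflare code. It assumes `wildcard` compares the whole URI path case-insensitively with `*` matching zero or more characters, and the list contents and requests are constructed samples.

```python
import ipaddress
import re

# Constructed sample contents for the allowed_ips list (documentation-only ranges).
ALLOWED_IPS = ["192.0.2.10", "198.51.100.0/24", "2001:db8::/32"]

def in_list(ip, entries):
    """Model of `ip.src in $list`: true if ip equals an entry or falls in a CIDR."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False

def wildcard(value, pattern):
    """Model of `wildcard`: '*' matches zero or more characters, the whole
    value must match, and case is ignored (assumption stated in the lead-in)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def rule_blocks(ip_src, uri_path, entries=ALLOWED_IPS):
    """(not ip.src in $allowed_ips and http.request.uri.path wildcard "/admin/*")
    `not` binds tighter than `and`, so only the list test is negated."""
    return (not in_list(ip_src, entries)) and wildcard(uri_path, "/admin/*")

# Constructed requests: (source IP, URI path).
SAMPLES = [
    ("192.0.2.10", "/admin/users"),     # exact list entry
    ("198.51.100.77", "/admin/"),       # inside a listed CIDR range
    ("2001:db8::1", "/admin/users"),    # inside a listed IPv6 prefix
    ("203.0.113.5", "/admin/users"),    # not listed, protected path
    ("203.0.113.5", "/Admin/Users"),    # not listed, different case
    ("203.0.113.5", "/admin"),          # not listed, no trailing slash
    ("203.0.113.5", "/blog/post"),      # not listed, path outside the filter
]

def evaluate(samples=SAMPLES):
    """Return 'block' where the rule matches, 'no match' where it does not."""
    return ["block" if rule_blocks(ip, path) else "no match" for ip, path in samples]

if __name__ == "__main__":
    for (ip, path), verdict in zip(SAMPLES, evaluate()):
        print(f"{ip:15} {path:14} {verdict}")
```

In this model `/admin` without a trailing slash falls outside `/admin/*`, so confirm whether that path also needs to be covered by the filter.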