How to block access to certain url if IP address not in list?

Only certain IP addresses should be allowed to visit URLs that start with

mysubdomain.mydomain.com/wp-json

mysubdomain.mydomain.com/wp-json

.
I can't find this setting in Cloudflare.

I've tried it with a WAF rule to block when:

(http.request.uri contains "mysubdomain.mydomain.com/wp-json" and ip.src ne 188.8.2.0)

(http.request.uri contains "mysubdomain.mydomain.com/wp-json" and ip.src ne 188.8.2.0)

where the IP address is just a random ip address. Yet, with this rule in place, I can still visit the url.

Erisa•9/2/23, 6:52 PM

only covers the path and query string, you can use instead

Erisa•9/2/23, 6:52 PM

MartyOP•9/2/23, 7:02 PM

Thanks Erisa, but what I now have seems to always block access. For example, when I use I still get blocked.

Erisa•9/2/23, 7:05 PM

Do you have multiple rules?

MartyOP•9/2/23, 7:06 PM

No, it's my only WAF rule.

MartyOP•9/2/23, 7:07 PM

I have one redirect rule but that's not even related to this subdomain.

MartyOP•9/2/23, 7:08 PM

It blocks both with and .

MartyOP•9/2/23, 9:10 PM

The rule now works. It just seemed to have needed some time to be propagated everywhere...