chaitin / SafeLine

serve as a reverse proxy to protect your web services from attacks and exploits.
https://waf.chaitin.com
GNU General Public License v3.0

[Suggestion] only specific ip address group or rule can access a website #1073

Closed channchetra closed 10 hours ago

channchetra commented 2 days ago

What would you like to be added or improved?

We would like the ability to restrict access to specific websites by defining an IP address group or rule. This feature should allow only designated IP addresses, such as office IPs, VPN IPs, or IP addresses from certain geographical regions, to access the website, while denying all other traffic or redirecting it to an alternate domain.

Examples of the desired functionality:

  1. Domain: cms.example.com

    • Access should be restricted to a predefined group of IP addresses (e.g., office IP addresses or VPN IPs). All other traffic should be denied access.
  2. Domain: store1.example.com

Why is it needed?

This feature is crucial for improving security and controlling access to sensitive parts of the platform. Some scenarios where this is particularly needed include:

  1. Superadmin access: For domains used by superadmins (e.g., cms.example.com), access should be limited to specific IP addresses, such as office IPs or VPN IPs, for security purposes.

  2. Protected platforms: Some platforms like safeline, which operates on 101.102.103.5:9443 or waf.example.com, should only be accessible by office or VPN IP addresses. Public access should be strictly denied for enhanced security.

xbingW commented 17 hours ago

At present, the above functions are already supported. You can add a blacklist that denies all IPs, and then add a whitelist that allows specific IPs. In the rule conditions, you can use Host = xx.com to match specific sites. For geographical location-based access control, the professional version also supports
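The deny-all blacklist plus per-site whitelist described in the reply above, modelled as an added Python example; it is not SafeLine's code or its rule format. The `Rule` class, the `inspect` fall-through, the whitelist-over-blacklist precedence and the sample networks are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

def normalize_host(value: str) -> str:
    # Compare hosts case-insensitively, ignoring an optional :port and trailing dot.
    host = value.strip().lower()
    if not host.startswith("["):          # leave bracketed IPv6 literals alone
        host = host.split(":", 1)[0]
    return host.rstrip(".")

@dataclass(frozen=True)
class Rule:                               # hypothetical model, not a SafeLine type
    action: str                           # "allow" (whitelist) or "deny" (blacklist)
    host: str                             # site the rule is scoped to (Host = ...)
    networks: tuple                       # CIDR ranges the source IP must fall in

    def matches(self, host: str, src_ip: str) -> bool:
        if normalize_host(host) != self.host:
            return False
        ip = ipaddress.ip_address(src_ip)
        # An IPv4 address is never "in" an IPv6 network and vice versa.
        return any(ip in ipaddress.ip_network(n) for n in self.networks)

def decide(rules, host: str, src_ip: str) -> str:
    matched = {r.action for r in rules if r.matches(host, src_ip)}
    if "allow" in matched:                # assumption: whitelist beats blacklist
        return "allow"
    if "deny" in matched:
        return "deny"
    return "inspect"                      # no IP rule for this site; normal processing

# Constructed sample policy: only office/VPN ranges may reach cms.example.com.
EVERYONE = ("0.0.0.0/0", "::/0")          # deny-all must cover IPv4 and IPv6
RULES = [
    Rule("deny", "cms.example.com", EVERYONE),
    Rule("allow", "cms.example.com", ("203.0.113.0/24", "198.51.100.7/32")),
]

if __name__ == "__main__":
    for host, ip in [("cms.example.com", "203.0.113.10"),
                     ("CMS.example.com:443", "192.0.2.55"),
                     ("cms.example.com", "2001:db8::1"),
                     ("store1.example.com", "192.0.2.55")]:
        print(f"{host:22} {ip:15} -> {decide(RULES, host, ip)}")
```

Scoping both rules to the same host keeps the deny-all from affecting other sites behind the same proxy, and listing `::/0` alongside `0.0.0.0/0` keeps IPv6 clients from slipping past an IPv4-only deny rule.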