Let’s make the first rule named “src_allowed”
Expression:
(ip.src eq IP1) or (ip.src eq IP2) or (ip.src eq IP3) or (ip.geoip.asnum eq 46475)
Action: Allow
And the second one named “deny_from_all”
Expression:
(http.request.method eq "GET") or (http.request.method eq "POST") or (http.request.method eq "PURGE") or (http.request.method eq "PUT") or (http.request.method eq "HEAD") or (http.request.method eq "OPTIONS") or (http.request.method eq "DELETE") or (http.request.method eq "PATCH")
Action: Block
That’s all folks 🙂
P.S. Blocking rule (ip.src ne IP1) or (ip.src ne IP2) or (ip.src ne IP3) or (ip.geoip.asnum ne 46475) didn’t work for me. First, allow some addresses, and then block everything.