My staff will only access Hudu either from the office or via VPN to a trusted place. In the interest of minimising the attack surface, I think it would be good to officially allow lockdowns.
What I would like to do is specify IPs or CIDR/subnets and then assign them to the main web GUI, the API endpoint and the public open pages (which I am guessing will just be open to all).
I haven't looked in detail, but I remember the setup guide required us to place an NGINX (I believe?) config file in a folder.
I guess we can actually achieve this for the most part ourselves; however, I'm just submitting this as an idea for something that is "officially" supported, either from the GUI or the .env file.
(And, guessing if it is from the GUI, we would still need something in .env to overwrite/disable restrictions in case of an accidental lockout... not as though anyone here would ever make a mistake!)
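
The self-managed route the post mentions, sketched as an nginx reverse-proxy config with one allowlist per surface. This is an added example, not part of the original post and not Hudu's shipped configuration; the hostname, upstream address, certificate paths, CIDR ranges and the `/api/` and `/shared/` path prefixes are assumptions to replace with your own.

```nginx
# Added example; every name, path and range below is a placeholder.
# These blocks belong in the http context (e.g. a file under conf.d/).

upstream hudu_app { server 127.0.0.1:3000; }   # assumed app address

# One geo block per surface: 1 = trusted source, 0 = everything else.
# geo matches on $remote_addr. If another proxy or load balancer sits in
# front of nginx, restore the client address first with the realip module
# (set_real_ip_from / real_ip_header), trusting only that proxy's address.
geo $gui_trusted {
    default         0;
    203.0.113.0/24  1;   # office egress range (constructed)
    10.8.0.0/24     1;   # VPN address pool (constructed)
}
geo $api_trusted {
    default         0;
    10.8.0.0/24     1;   # integrations reach the API over VPN only (constructed)
}

server {
    listen 443 ssl;
    server_name hudu.example.com;                         # placeholder
    ssl_certificate     /etc/nginx/tls/fullchain.pem;     # placeholder
    ssl_certificate_key /etc/nginx/tls/privkey.pem;       # placeholder

    # Public open pages: no source restriction.
    # Any static assets these pages load must also be reachable unrestricted.
    location /shared/ {                                   # hypothetical prefix
        proxy_set_header Host $host;
        proxy_pass http://hudu_app;
    }

    # API endpoint: its own, narrower allowlist.
    location /api/ {                                      # assumed prefix
        if ($api_trusted = 0) { return 403; }
        proxy_set_header Host $host;
        proxy_pass http://hudu_app;
    }

    # Main web GUI: everything not matched above.
    location / {
        if ($gui_trusted = 0) { return 403; }
        proxy_set_header Host $host;
        proxy_pass http://hudu_app;
    }
}
```

Because the allowlists live in a file on the host rather than in the application, recovering from an accidental lockout means editing that file from the server console and reloading nginx, which plays the role of the `.env` override the post asks for. Run `nginx -t` before each reload so a typo in a CIDR range is caught before it takes effect.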