This feature would allow flexible and fine-grained IP-based access control on [sub]domain level, i.e.:
set load-balancing reverse-proxy service my-new-api backend 'new-bk-01' set load-balancing reverse-proxy service my-new-api mode 'http' set load-balancing reverse-proxy service my-new-api port '443' set load-balancing reverse-proxy service my-new-api rule 10 domain-name 'example.com' set load-balancing reverse-proxy service my-new-api rule 10 allow ip '10.10.10.0/24' set load-balancing reverse-proxy service my-new-api rule 10 allow ip '10.10.11.0/24' set load-balancing reverse-proxy service my-new-api rule 20 domain-name 'new.example.com' set load-balancing reverse-proxy service my-new-api rule 20 deny ip '10.10.12.0/24' set load-balancing reverse-proxy service my-new-api ssl certificate 'my-new-api-cert' set load-balancing reverse-proxy backend bk-01 balance 'round-robin' set load-balancing reverse-proxy backend bk-01 mode 'http' set load-balancing reverse-proxy backend bk-01 server srv01 address '192.0.2.11' set load-balancing reverse-proxy backend bk-01 server srv01 port '80'
the rule 10 in the example above would allow access to example.com only for two subnets(10.10.10.0/24 and 10.10.11.0/24), while rule 20 would deny access to new.example.com for 10.10.12.0/24.