Whitelist by host for incoming traffic

I am trying to whitelist incoming traffic for a service outside the mesh based on its host, not its IP.

For IP, it sort of comes down to this simple ipBlocks attribute from the source as far as I understand. But is there a solution to whitelist based on the host such as apps.esignlive.com for instance?

(See below)

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ingress-policy
  namespace: istio-system
spec:
  # Apply the policy to the ingress gateway workload
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: ALLOW
  rules:
  - from:
    - source:
        ipBlocks: ["", ""]

I think you can use the host and notHost fields in the authorization policy. Also check the best practice before using it.
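
Added example, not part of the original thread: a host-based rule on the same ingress gateway policy, using the `hosts` field of `operation` in the Istio AuthorizationPolicy API. The hostname `app.example.com` is a placeholder.

```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ingress-policy
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: ALLOW
  rules:
  - to:
    - operation:
        # hosts is compared with the Host/:authority header of the request,
        # i.e. the name the client asked for, not the DNS name of the caller.
        # The ":*" entry is listed as well because an exact entry does not
        # match a header that carries a port, such as "app.example.com:443".
        hosts: ["app.example.com", "app.example.com:*"]
```

The `source` block has no hostname field; callers are matched by `ipBlocks`, `remoteIpBlocks`, `principals`, `requestPrincipals` or `namespaces`. Because the action is ALLOW, requests to the gateway that match no rule in any ALLOW policy are denied.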