I setup a website at website.com that requests data from a server via the subdomain sub.domain.com where an A-Record points to the IP of the Server.
How can I allow only requests that are coming from Website.com (when people access Website.com and do stuff) and prohibit all other IPs?
I've setup nginx as a reverse proxy with letsencrypt/ssl for the sub.domain.com.