Hi,
I have never tested this, so this is a bit of an educated guess:
You can configure custom environment variables (on the Runtime tab) from the mendix BTP portal. If you configure ‘ACCESS_RESTRICTIONS’ there, it could be picked up by the mendix cf buildpack, where you can also find some documentation.
# ACCESS_RESTRICTIONS example:
# {
# "/": {'ipfilter': ['10.0.0.0/8'], 'client_cert': true, 'satisfy': 'any'},
# "/ws/MyWebService/": {'ipfilter': ['10.0.0.0/8'], 'client_cert': true, 'satisfy': 'all'},
# "/CustomRequestHandler/": {'ipfilter': ['10.0.0.0/8']},
# "/CustomRequestHandler2/": {'basic_auth': {'user1': 'password', 'user2': 'password2'}},
# }
Let us know if this works, regards Fabian