Restrict access to /api and /admin by IP range

We are using gitlab-ce-omnibus with the https protocol only accessible using VPN currently. As we plan to allow worldwide access via https:// now, we would like to restrict access to https://fqdn.gitlab/api and admin/ for certain IP ranges.

Questions:

  • Despite the obvious fact you cannot use admin and api functions worldwide, could this lead into serious problems?
  • Could I deploy rules like this with an omnibus nginx configuration? Would like to avoid running another reverse proxy just for restricting the services.

Thanks in advance.
Waldemar