Request Control workflow
The default for Request Control is to give all requests access. You use your rules to restrict access.
Here's a diagram that shows how Request Control works.
For the allowlist example, when a visitor requests a page and the IP address or geography is allowed based on the rules, that visitor can view the page. If the visitor’s IP address or geography is not included in the rules, that visitor will receive a 403 (Forbidden) error.
Conversely, for a blocklist, if a visitor requests a page from an IP address or geography that's denied based on the rules, the visitor will receive a 403 error.