
VPC SC egress rule to block public URLs for agent builder app

Can I block access to public URLs for my agent builder app using the egress rule? Currently it looks like the externalResources field is only for BQ Omni. Maybe a rule to allow my app to access only the given public IP.

Solved
1 ACCEPTED SOLUTION

Hi @Mouzma,

Welcome to Google Cloud Community!

Egress refers to any access that involves an API client or resources within the service perimeter and resources outside a service perimeter. It’s not possible to directly block access to public URLs using an egress rule in the way you're describing; however, there are other ways to manage network access effectively.

In Google Cloud's VPC Service Controls, egress rules are designed to control access to specific resources, not public IPs. These rules can help you manage access to:

  • Google Cloud resources: You can restrict access to specific projects, services, or APIs within Google Cloud.
  • External Resources: You have the ability to control access to external services. Examples include AWS S3 buckets and Azure Blob Storage containers.

However, egress rules don’t support blocking access to specific public IPs. Here's why:

  • Egress rules focus on resources: Egress rules are intended to control access to specific resources, not individual IP addresses. They define which resources can be accessed, rather than blocking specific IPs.
  • Network-level security: Blocking access to specific public IPs is typically done at the network level using firewalls or other security tools.

Alternative Solutions:

  1. Firewall Rules: You can use a firewall, such as Google Cloud's Cloud Armor, to block access to specific public IPs.
  2. Proxy Server: Implementing a proxy server can help filter traffic, allowing access only to specific public IPs.
  3. VPN: Setting up a VPN can create a secure connection between your app and specific public IPs, ensuring only authorized access.

For more details, you can refer to the official Google Cloud documentation on VPC Service Controls and VPC Service Controls Basic Tutorial.

I hope the above information is helpful.
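The reply's first alternative (a firewall that allows egress only to a given public IP) is the one the question actually asks for. As an added example that is not part of the thread or of any Google documentation, the following Python models a two-rule VPC firewall egress policy, the Compute API resource bodies `gcloud` would create, and a simplified evaluator of VPC firewall semantics (lowest priority number wins, deny beats allow on a tie, implied allow-egress at priority 65535) so the rule set can be checked before it is applied. The project, network name, tag and the IP 203.0.113.10 are constructed placeholders; the `to_gcloud` helper and the evaluator are this example's own code. Like the rules it models, it matches on IP and port only: it cannot match a hostname or URL, which is the same limitation the reply describes for egress rules.

```python
"""Model a VPC firewall egress policy that permits traffic to one public IP only,
and check it behaves as intended. Added example; placeholders are constructed."""
import ipaddress

PROJECT = "example-project"      # placeholder
NETWORK = "agent-vpc"            # placeholder network name
TARGET_TAG = "agent-app"         # placeholder tag on the app's instances
ALLOWED_IP = "203.0.113.10"      # placeholder (TEST-NET-3 documentation range)

# Compute API firewall resource bodies (the shape `gcloud compute firewall-rules
# create` submits). Lower priority number = evaluated first.
EGRESS_RULES = [
    {
        "name": "allow-egress-to-approved-ip",
        "network": f"projects/{PROJECT}/global/networks/{NETWORK}",
        "direction": "EGRESS",
        "priority": 1000,
        "targetTags": [TARGET_TAG],
        "destinationRanges": [f"{ALLOWED_IP}/32"],
        "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}],
    },
    {
        # Without this rule the implied allow-egress rule lets everything else out.
        "name": "deny-all-other-egress",
        "network": f"projects/{PROJECT}/global/networks/{NETWORK}",
        "direction": "EGRESS",
        "priority": 65534,
        "targetTags": [TARGET_TAG],
        "destinationRanges": ["0.0.0.0/0"],  # IPv4 only in this example
        "denied": [{"IPProtocol": "all"}],
    },
]


def _port_in(port, spec):
    """True if `port` falls inside a port spec such as "443" or "8000-8080"."""
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-"))
        return lo <= port <= hi
    return port == int(spec)


def _matches(rule, dst_ip, proto, port):
    """True if an egress rule matches destination dst_ip, protocol and port."""
    if rule["direction"] != "EGRESS":
        return False
    addr = ipaddress.ip_address(dst_ip)
    if not any(addr in ipaddress.ip_network(r) for r in rule["destinationRanges"]):
        return False
    specs = rule.get("allowed") or rule.get("denied") or []
    for spec in specs:
        if spec["IPProtocol"] in ("all", proto):
            ports = spec.get("ports")
            if not ports or any(_port_in(port, p) for p in ports):
                return True
    return False


def egress_allowed(rules, dst_ip, proto="tcp", port=443):
    """Simplified VPC firewall decision: lowest priority number wins, deny wins
    a tie, and an unmatched packet hits the implied allow-egress rule."""
    best = None  # (priority, action)
    for rule in rules:
        if not _matches(rule, dst_ip, proto, port):
            continue
        action = "allow" if "allowed" in rule else "deny"
        prio = rule["priority"]
        if best is None or prio < best[0] or (prio == best[0] and action == "deny"):
            best = (prio, action)
    if best is None:
        return True  # implied allow-egress at priority 65535
    return best[1] == "allow"


def to_gcloud(rule):
    """Render the equivalent `gcloud compute firewall-rules create` command."""
    action = "ALLOW" if "allowed" in rule else "DENY"
    specs = rule.get("allowed") or rule["denied"]
    parts = []
    for s in specs:
        p = s["IPProtocol"]
        if s.get("ports"):
            p += ":" + ",".join(s["ports"])
        parts.append(p)
    return (
        f"gcloud compute firewall-rules create {rule['name']} "
        f"--project={PROJECT} --network={NETWORK} --direction=EGRESS "
        f"--action={action} --rules={','.join(parts)} "
        f"--destination-ranges={','.join(rule['destinationRanges'])} "
        f"--priority={rule['priority']} --target-tags={','.join(rule['targetTags'])}"
    )


if __name__ == "__main__":
    for r in EGRESS_RULES:
        print(to_gcloud(r))
    for ip in (ALLOWED_IP, "198.51.100.5"):
        print(ip, "allowed" if egress_allowed(EGRESS_RULES, ip) else "denied")
```

Running the file prints the two `gcloud` commands and then the decision for the approved IP and for an unrelated address. The second check in the test below, with only the allow rule present, is the case worth noticing: the allow rule alone changes nothing, because the implied allow-egress rule already permits all outbound traffic; it is the lower-priority deny rule that actually restricts the app.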
