Yes, Ory Oathkeeper allows you to configure access rules to control the access to your resources. You can define these rules to match certain conditions like HTTP method, path, scheme, and host of the incoming HTTP request. Here is an example of an access rule that allows anonymous access to `https://httpbin.org/anything/header`:

json {  "id": "allow-anonymous-with-header-mutator",  "version": "<version-you-want>",  "upstream": {  "url": "<https://httpbin.org/anything/header>"  },  "match": {  "url": "http://<127.0.0.1|localhost>:4455/anything/header",  "methods": [  "GET"  ]  },  "authenticators": [  {  "handler": "anonymous"  }  ],  "authorizer": {  "handler": "allow"  },  "mutators": [  {  "handler": "header",  "config": {  "headers": {  "X-User": "{{ print .Subject }}"  }  }  }  ] }

In the

match

section, you can specify the URL that should be matched. You can use regular expressions or glob patterns in this field to match more than one URL. The matching strategy (glob or regexp) is defined in the global configuration file as

access_rules.matching_strategy

. This matcher ignores query parameters. Regular expressions (or glob patterns) are encapsulated in brackets

<

and

>

. Please note that the

url

in the

match

section is the URL of the incoming request that Oathkeeper should match, not the URL of the host that is allowed to access. If you want to allow access from a certain host only, you might need to implement this at a different level (like a firewall or a reverse proxy) because Oathkeeper does not provide this feature directly. For more details, you can refer to the [Ory Oathkeeper documentation](https://www.ory.sh/docs/oathkeeper/api-access-rules#access-rule-format).