Ghost and CloudFlare Firewall rules and API search

I have general question about using

Ghost with CloudFlare firewall rules to protect the admin dashboard to be accessed only from a given IP.

I’ve read:

So I have this settings:

  • URI contains /ghost/
  • ip address not in xxxxx..
  • URI doesn’t contain /api/v3/content/posts/

Is there a better way to protect the admin and allow the API calls.
Is the needed and reasonable - to additional protection to admin panel.