In order to deny accessing to a path from other ip address, istio allows creating role based accesss with ip address. This policy does deny all get requests except specified ip address.

apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: panel-policy
  namespace: istio-system
spec:
  selector:
    matchLabels:
      app: istio-ingressgateway
  action: DENY
  rules:
    - from:
        - source:
            notRemoteIpBlocks: ["ip address"]
      to:
        - operation:
            paths:
              - "/your-path/*"
            methods: ["GET"]