Hi @rolf
Thank you for getting in touch with us through the Alumio forum.
In order to validate the source IP address of the webhook request, you can use a Header Matcher to validate forwarded header with the value of for=IP_ADDRESS;proto=https. Please replace the IP_ADDRESS with the source IP address of the webhook request.
See the below screenshot as an example, where the IP address is stored in an environment variable called IP_ADDRESS_1.
Please give it a try and let us know if you find any problems.