You should be able to use something like this. This is only based on the uri but you can write another acl to check the hostname if needed.
http-request deny if { path -i -m beg /admin } !{ src -f /etc/hapee-2.8/whitelist.lst }
:/etc/hapee-2.8$ cat /etc/hapee-2.8/whitelist.lst
17.1.1.1/32
17.1.1.2/32
1.1.0.0/16