IpAllowList at namespace level

Hi, I'm able to use ipallowlist middleware to filter traffic to my Ingress and ingressroutes, but what i want to achieve is set that middleware at namespace, and then try to refine ip access depending on service.
(the reason is we need to limit the access to the services deployed on certain namespace where an external user works. We want to keep under control which ips are allowed to reach that services without having to provide them to the user and make him modify their ingresses. Also I don't know if network policies is a better aproach to achieve this)

This is the configuration I made but forbidden is not triggered. What I'm missing? Is even possible what I want to achieve? Do you suggest any other strategy to ip-white-list access to a service?

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami
  namespace: whoamitests
  labels:
    app: whoami
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - name: web
              containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
  namespace: whoamitests
spec:
  ports:
    - name: web
      port: 80
      targetPort: web
  selector:
    app: whoami
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: global-middleware
  namespace: whoamitests
spec:
  ipAllowList:
    sourceRange:
      - 172.27.0.213
#      - 172.27.0.211
---
apiVersion: v1
kind: Namespace
metadata:
  name: whoamitests
  annotations:
    traefik.ingress.kubernetes.io/router.middlewares: "whoamitests-global-middleware@kubernetescrd"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami
  namespace: whoamitests
#  annotations:
#    traefik.ingress.kubernetes.io/router.middlewares: "whoamitests-global-middleware@kubernetescrd"
spec:
  rules:
    - host: k8s-dev-whoami.mydomain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: whoami
                port:
                  number: 80

Working on k8s 1.31