Hi Everyone,
I'm using traefik 3 as ingress for my application.
I have an ingressroute based on the Host which handles the traffic for my application
Unfortunately this app have a couple of public endpoints which are now being used by attackers to see if something exists in our db with that key ( /account/${key}/public ). Unfortunately this endpoint has to be public because is used by the frontend to show the logo of the account and the login options enabled. Luckly the endpoint doesn't expose any sensible data, but it's causing the db to be hit and it's quite annoying. So as a temporary workaround i wanted to add a check on this Path, that does the same thing as the main rule, but it also checks that the Origin header is present. Is there a way to achive it using traefik middlewares ?
You can check for a plugin doing that or create your own (doc).
Maybe adding a Header Rule to the endpoint may fix this.
This rule will check wheter a Header has a certain value, I have not checked whether this allows wildcard.