How to detect and stop routing requests to malicious backends in a multi-tenant setup


I'm using traefik to route requests to backends belonging to different tenants:

The architecture is more or less fixed at this point and I cannot make major changes. The issue is that traefik routing rule updates happen asynchronously with respect to pod orchestration, and there can be some failover scenarios where a new pod takes the place of an old unavailable pod when old requests are still being routed there, causing data leak.

Is there a way to setup traefik to recognize that a new backend has been swapped in and stop directing old requests there, at least for a while until the rules are updated? For example, can I have custom logic for validating backend certs' DNs?