How to override an entrypoint middleware for a specific route?

How to override an entrypoint middleware for a specific route?


My need is pretty simple but following all what I read today I guess there is no way to do what I want with Traefik. I would know if smarter people know to perform this.

I do have pretty the same use case that this old topic. Let's see a simple example:

  • At entrypoint level, only ip are allowed.

  • At route level, on, and are allowed. That means, the range on route level is higher that the entrypoint level.

According Traefik's current logic, middlewares will be chained and the root middleware will be applied first... rejecting the allowed ip

My wish would be to be able to override the global middleware but according this thread, I undersand it won't be possible. Also, I was looking for how to do it without removing the entrypoint middleware and copy/paste it to every router (currently >50). Is there a trick to do this?

If it's not possible to override entrypoint middleware, how are you managing this?
Have a nice day!

I don't think this is possible.

How would you manage this issue in term of security?

You want to allow ip1 and ip2 on most, but ip2 not on some targets?

Can’t you allow both on entrypoint and disallow ip2 on some routers?

Yes I can but the issue is I want to allow 1 and disallow 49, so I have to write 49 times the rule. It's borrying and might be a source of bad configuration.
The standard way of protection is to remove all access and to only add what you want (the inverse of the solution)