How to overwrite middleware (headers) attached to the entrypoint?

Hello.

I am curious how I am supposed to overwrite headers middleware in a specific router. My case is that I have attached to the default entry-point sitting on port 443 security headers to block indexing.. However I would like couple sites to be indexed. It would make sense to create another shared middleware which will be overwriting the default one attached to the 443 entrypoint..

My configuration is as follows:

traefik.yml:

entryPoints:
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: default
        domains:
          - main: example.com
      middlewares:
        - private-headers@file

shared middlewares:

    ### SECURITY
    private-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - X-Forwarded-Host
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        frameDeny: false
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: same-origin
        permissionsPolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
        customResponseHeaders:
          X-Robots-Tag: "none,noindex,nofollow,noarchive,nosnippet,notranslate,noimageindex"
          server: ""

    ### PUBLIC SITES
    public-headers:
      headers:
        permissionsPolicy: "*"
        customResponseHeaders:
          X-Robots-Tag: ""
          server: ""

So entrypoint is using private-headers but let them be overwritten in the router via other middleware public-headers:

http:

  routers:
    forum.example.com:
      entryPoints:
        - websecure
      rule: Host(`forum.example.com`)
      service: forum.example.com
      middlewares:
        - public-headers

  services:
    forum.example.com:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: 'http://192.168.255.11:59111'

Current result is as follows:

image

image

You can see that it is not overwriting even if the public headers are listed as second.. Obviously I cant create another entrypoint due to port conflict and letsencrypt configuration.. To me it seems that the most convenient solution is to have router middleware overwrite those in entrypoint.. If anybody has some suggestion how my scenario could be implemented, I will be much of a help. Thanks.

1 Like

Could you remove the middleware from the entrypoint and just add the corresponding middleware to the individual services independently?

You could but I want to avoid that if possible.. It is an extra precaution in case you would forget.. Other factor is that I have 50+ services which I dont want to rewrite docker-file for..

So would like to address this problem this way. Thanks

Hello. Anybody from @traefik_moderators can elaborate this problem? Thanks

Why nobody cares? Is somebody even reading this or adding it to backlog?

If you have some very special requirements, why should somebody spend their time and implement this for you, so you can save time?

You can implement this yourself (or pay a developer) and do a pull request or you can get the paid Traefik version and open a ticket.

That is not what I am requesting.. AFAIK this is a community forum, so some eventual answer would be nice.. Especially when I strongly believe this is a bug behavior.

Anyway I should not ever expect any collaboration for bugs/suggestions until I wont pay for the premium? Thanks

I think you have a very special problem and just no other community member cares about it.

Looking for this too, but it's not possible right now. See here for a long standing feature request for this problem.

1 Like

Is this going to be addressed in Traefik v3.0? Thanks

Hey @MacGyver27, thanks for your interest in Traefik!

There is currently an open proposal to make it possible to disable middleware at the router level.

1 Like

Seems it wont be addressed at the end.. so what is the plan then? How am I supposed to address this scenario in a single traefik instance then?

Thanks!

You assign only global middlewares for all routers on entrypoints, individual middlewares are assigned to routers directly.

So this wont be fixed in version 3 then? Thanks!