How to overwrite middleware (headers) attached to the entrypoint?

MacGyver27 · December 2, 2022, 4:19pm

Hello.

I am curious how I am supposed to overwrite headers middleware in a specific router. My case is that I have attached to the default entry-point sitting on port 443 security headers to block indexing.. However I would like couple sites to be indexed. It would make sense to create another shared middleware which will be overwriting the default one attached to the 443 entrypoint..

My configuration is as follows:

traefik.yml:

entryPoints:
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: default
        domains:
          - main: example.com
      middlewares:
        - private-headers@file

shared middlewares:

    ### SECURITY
    private-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - X-Forwarded-Host
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        frameDeny: false
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: same-origin
        permissionsPolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
        customResponseHeaders:
          X-Robots-Tag: "none,noindex,nofollow,noarchive,nosnippet,notranslate,noimageindex"
          server: ""

    ### PUBLIC SITES
    public-headers:
      headers:
        permissionsPolicy: "*"
        customResponseHeaders:
          X-Robots-Tag: ""
          server: ""

So entrypoint is using private-headers but let them be overwritten in the router via other middleware public-headers:

http:

  routers:
    forum.example.com:
      entryPoints:
        - websecure
      rule: Host(`forum.example.com`)
      service: forum.example.com
      middlewares:
        - public-headers

  services:
    forum.example.com:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: 'http://192.168.255.11:59111'

Current result is as follows:

You can see that it is not overwriting even if the public headers are listed as second.. Obviously I cant create another entrypoint due to port conflict and letsencrypt configuration.. To me it seems that the most convenient solution is to have router middleware overwrite those in entrypoint.. If anybody has some suggestion how my scenario could be implemented, I will be much of a help. Thanks.

youngt2 · December 9, 2022, 3:26pm

Could you remove the middleware from the entrypoint and just add the corresponding middleware to the individual services independently?

MacGyver27 · December 12, 2022, 10:08am

You could but I want to avoid that if possible.. It is an extra precaution in case you would forget.. Other factor is that I have 50+ services which I dont want to rewrite docker-file for..

So would like to address this problem this way. Thanks

MacGyver27 · December 22, 2022, 8:53pm

Hello. Anybody from @traefik_moderators can elaborate this problem? Thanks

MacGyver27 · January 4, 2023, 9:34am

Why nobody cares? Is somebody even reading this or adding it to backlog?

bluepuma77 · January 4, 2023, 9:39am

If you have some very special requirements, why should somebody spend their time and implement this for you, so you can save time?

You can implement this yourself (or pay a developer) and do a pull request or you can get the paid Traefik version and open a ticket.

MacGyver27 · January 4, 2023, 9:46am

That is not what I am requesting.. AFAIK this is a community forum, so some eventual answer would be nice.. Especially when I strongly believe this is a bug behavior.

Anyway I should not ever expect any collaboration for bugs/suggestions until I wont pay for the premium? Thanks

bluepuma77 · January 4, 2023, 9:52am

I think you have a very special problem and just no other community member cares about it.

rhtenhove · January 29, 2023, 4:56pm

Looking for this too, but it's not possible right now. See here for a long standing feature request for this problem.

MacGyver27 · April 25, 2023, 2:58pm

Is this going to be addressed in Traefik v3.0? Thanks

svx · April 27, 2023, 3:35pm

Hey @MacGyver27, thanks for your interest in Traefik!

There is currently an open proposal to make it possible to disable middleware at the router level.

MacGyver27 · January 9, 2024, 12:59pm

Seems it wont be addressed at the end.. so what is the plan then? How am I supposed to address this scenario in a single traefik instance then?

Thanks!

bluepuma77 · January 9, 2024, 2:56pm

You assign only global middlewares for all routers on entrypoints, individual middlewares are assigned to routers directly.

MacGyver27 · January 21, 2024, 10:56am

So this wont be fixed in version 3 then? Thanks!

Topic		Replies	Views
Overwrite specific header only Traefik v2 file	6	2185	November 20, 2019
Middlewares on all routers but one Traefik v2 middleware	2	1325	May 5, 2020
Multiple headers middleware overwriting? Traefik v2 docker , middleware	2	2506	January 7, 2020
How to override an entrypoint middleware for a specific route? Traefik v2 middleware	4	146	March 29, 2024
Is it possible to configure headers middleware not to overwrite but to add Traefik v2 middleware	1	548	March 27, 2022

How to overwrite middleware (headers) attached to the entrypoint?

Related Topics