How to restrict access to my backend service to only my frontend servcice

Hello everyone,

I'm having difficulties to achieve something quite common I guess. I'm running on the same server through docker-compose, a docker container for my frontend and a docker container for my backend proxied through traefik.
I would like to configure that my backend can only be access from the my frontend application (= same server)
How can I achieve this with Traefik ?
On the backend headers, for the X-Real-IP contains my client IP and not the frontend IP.
Can I do a check on the Referer or Origin header ?
I was expected to be able to use the IPWhitelisting feature but not sure how to use ? Can you help please ?