Middleware Being Used on Route Where It Isn't Specified?

I have the following router:

        [http.routers.ipam]
            entryPoints = ["https"]
            rule = "Host(`ipam.example.com`)"
            service = "ipam"
        [http.routers.ipam.tls]

and this is the SSO middleware I used for all other routes:

        [http.middlewares.sso_auth.forwardAuth]
            address = "https://auth.example.com/api/verify?rd=https://auth.example.com"
            authResponseHeaders = ["Remote-User", "Remote-Groups", "Remote-Name"]
            trustForwardHeader = true

Despite the fact that the middleware isn't specified on the route, the following happens:

Is there a misconfiguration somewhere in there causing non-browser requests to use the middleware?