Middlewares for queries outside domain

Traefik Traefik v2
1

I would like to block scanning bots in traefik using crowdsec but all requests without a domain to my public IP address do not go through middlewares because there is no "HTTP Router". Is it possible, to create a fake one for all queries outside my domain to make crowdsec-bouncer work?

My entrypoints look like this:

entryPoints:
  # Not used in apps, but redirect everything from HTTP to HTTPS
  http:
    address: :80
    forwardedHeaders:
      trustedIPs: &trustedIps
        - XXX.XXX.XXX.0/24   
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  # HTTPS endpoint, with domain wildcard
  https:
    address: :443
    forwardedHeaders:
      trustedIPs: *trustedIps
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
        domains:
          - main: domain.com
            sans:
              - '*.domain.com'
      middlewares:
        - securityHeaders@file
        - my-crowdsec-bouncer-traefik-plugin@file
2

Maybe add a fallback/catchall router for all domains (or IPs) with HostRegex() or just a rule with PathPrefix(`/`).

1 Like
3

it worked by creating router:

    entry:
      entryPoints:
        - https
      rule: 'PathPrefix(`/`)'
      service: noop@internal

But there also must be a service so i used noop@internal. The question is whether it can be used this way and whether it is safe? I can't find the documentation about noop@internal.