Restrict entrypoint to allow only a specific hostname (middleware?)

Learning traefik, our environment traefik is the ingress for a k8s cluster.
Traefik has 10 services and growing...
One of the service is 'open' and all others services require a basic-auth middleware restricting access.

So instead of having to be sure that each other service (not the 'open') had the basic-auth middleware, we created two entrypoints (both with TLS), and to one of them we've added the basic-auth middleware.
Now when we access any of the service on the protected entrypoint it correctly asks for basic-auth, but on the other entrypoint we can access all services without basic-auth.

Is there a way to limit an entrypoint to accept only a specific hostname? I know i can ad the entrypoint to the routes (services) but that again will need that all 'protected' routes need adding the entrypoint.

I've looked for middlewares, seemed the correct point of doing it, but could not find one that would allow me to restrict the hostname that the entrypoint would accept.

Any idea how i could archive this without having to add on each protected route/service an entry to restrict what entrypoint it uses (reason, if we forget to add it, the route/service will be accesible without basic-auth).

Thanks for any tip/suggestion.

Sounds like a very specific problem. You can try something like this or roll your own plugin.