Hello Traefik World
Its my first post here, apologize for bad english
I'm very happy using Traefik, really good proxy for docker 
But i face a problem with rules and ipwhitelist
Configuration
Traefik 2.8.4
Docker 20.10.8 in swarm mode on Ubuntu 20.04.3 LTS
Behind a Nat router (no filtering on ports 80 and 443)
traefik.yml
version: '3.7'
services:
traefik:
image: traefik:latest
# for good client IP forwarded
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
...
All is good at this point, any stacks deployed run well
I try to set a new stack with ipwhitelist use :
Access to http://myentry.mydomain.com/ limited to some set of ip
Access to http://myentry.mydomain.com/admin/ (and /login/) limited to different set of ip
version: '3.9'
services:
myservice:
...
labels:
...
- traefik.enable=true
- traefik.docker.network=traefik-public
- traefik.constraint-label=traefik-public
- traefik.http.services.myservice.loadbalancer.server.port=80
- traefik.http.routers.myentry-root.entrypoints=http
- traefik.http.routers.myentry-admin.entrypoints=http
- traefik.http.routers.myentry-root.rule=Host(`myentry.mydomain.com`)
- traefik.http.routers.myentry-root.priority=100
- traefik.http.routers.myentry-admin.rule=Host(`myentry.mydomain.com`) && (PathPrefix(`/admin/`) || PathPrefix(`/login/`))
- traefik.http.routers.myentry-admin.priority=200
- traefik.http.middlewares.myentry-root-ipwhitelist.ipwhitelist.sourcerange=X.X.X.X
- traefik.http.middlewares.myentry-admin-ipwhitelist.ipwhitelist.sourcerange=Y.Y.Y.Y
- traefik.http.routers.myentry-root.middlewares=myentry-root-ipwhitelist
- traefik.http.routers.myentry-admin.middlewares=myentry-admin-ipwhitelist
...
In this configuration Y.Y.Y.Y blocked anywhere, X.X.X.X allowed anywhere 
Tryed inverting priority, root priority 200 and admin 100, same result
Tryed changing 'root' rule to
- traefik.http.routers.myentry-root.rule=Host(`myentry.mydomain.com`) && !(PathPrefix(`/admin/`) || PathPrefix(`/login/`))
(negate pathprefixes part to be the counterpart of admin rule, just to see effect)
Exact same result only X.X.X.X have ALL access !
Finally tried to change order of declarations of rules in compose file, (with last changes) just to see if that have an effect :
- traefik.http.routers.myentry-admin.rule=Host(`myentry.mydomain.com`) && (PathPrefix(`/admin/`) || PathPrefix(`/login/`))
- traefik.http.routers.myentry-admin.priority=200
- traefik.http.routers.myentry-root.rule=Host(`myentry.mydomain.com`) && !(PathPrefix(`/admin/`) || PathPrefix(`/login/`))
- traefik.http.routers.myentry-root.priority=100
Nothing change, Y.Y.Y.Y. blocked anywhere, X.X.X.X allowed anywhere
Notice that in Traefik UI, each time, each middleware is ok and 'attached' to correct entrypoint
Seems Traefik choice a middleware only for 'Host' part of rule then apply it to all rules with same 'Host' declaration
Traefik Bug ? or i do some mistakes or misanderstand something ?
