At what point does Traefik add the XFF header when there is a middleware modifying it? If it is before the middleware is called, it is not working as expected. If it is after, what should be the trusted hosts configuration so that whatever the middleware adds is kept as such without appending to it?
Right now, no matter what, traefik adds the XFF after the middleware sets it, making the last IP which is considered by the application to be traefik's IP. Also, regardless of adding that set value to the trusted hosts, I still see it appended.
If I do not understand wrongly. The
X-Forwarded-* are set via the EntryPoint: Forwarded Headers 
You can configure Traefik to trust the forwarded headers information (
forwardedHeaders.trustedIPs: Trusting Forwarded Headers from specific IPs.
forwardedHeaders.insecure: Insecure Mode (Always Trusting Forwarded Headers).
 EntryPoints - Traefik
Yes. I tried setting as such:
No change, the XFF was still being appended to by traefik's host IP. Not the container IP. That is what surprised me as well.