I've got following scenario: One Docker Host with several CMS projects and a Traefik up and running. I'd like to filter out the backend URL from Public IP addresses, since it should only be accessible from private IP Ranges.
publicly available: https://www.project.com/xyz https://www.project.com/abc
restricted to internal IP's only: https://www.project.com/backend
Can I realize that with an IP whitelist and e.g. 2 Routers - 1 for public access and 1 for backend access?
I've tried something like:
# Backend Router (Restricted Access)
- "traefik.http.routers.project-backend.rule=Host(`${DOMAINNAME}`) && PathPrefix(`/backend`)"
- "traefik.http.routers.project-backend.entrypoints=https"
- "traefik.http.routers.project-backend.tls=true"
- "traefik.http.routers.project-backend.middlewares=backend-ipwhitelist"
- "traefik.http.routers.project-backend.priority=100"
But the filter didn't work - could still access backend.
Any suggestions?
Without seeing the rest of your configuration it's hard to identify the problem. I attempted to re-create your situation with the following
compose.yaml
:This prohibits access to the
/backend
path as expected. A request to/
from anywhere succeeds:While a request to
/backend
is rejected:If I make the same request from a system on the
192.168.1.0/24
network, it succeeds: