Skip to content

Traefik has no security hardening #28

Open
Open
Traefik has no security hardening#28
@letan-assistant

Description

@letan-assistant
letan-assistant
opened on Feb 15, 2026

Traefik is configured with Let's Encrypt TLS and Prometheus metrics, but has no security-oriented middleware:

  • No rate limiting: No protection against request floods
  • No security headers: No HSTS, X-Content-Type-Options, X-Frame-Options, CSP, or Referrer-Policy
  • No IP whitelisting middleware available for internal services
  • No request buffering limits: No max body size or connection limits

Suggested approach:

  • Define a default headers middleware with security headers (HSTS, etc.) via Traefik CRDs or HelmChartConfig
  • Add rate limiting middleware for public-facing ingresses
  • Consider a default IngressRoute middleware chain that applies to all routes

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions