41 lines
888 B
YAML
41 lines
888 B
YAML
# Strip Authorization header for WebDAV so Authentik doesn't try to interpret Basic Auth
|
|
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: webdav-strip-auth
|
|
spec:
|
|
headers:
|
|
customRequestHeaders:
|
|
Authorization: ""
|
|
|
|
---
|
|
# Rate limit to protect from brute force / bots
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: rate-limit
|
|
spec:
|
|
rateLimit:
|
|
average: 50
|
|
burst: 100
|
|
|
|
---
|
|
# Optional: security headers for UI
|
|
apiVersion: traefik.io/v1alpha1
|
|
kind: Middleware
|
|
metadata:
|
|
name: security-headers
|
|
spec:
|
|
headers:
|
|
stsSeconds: 31536000
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
frameDeny: true
|
|
referrerPolicy: "no-referrer"
|
|
customResponseHeaders:
|
|
X-Content-Type-Options: "nosniff"
|
|
X-Frame-Options: "DENY"
|
|
X-XSS-Protection: "1; mode=block" |