Skip to content

DataDome/module-traefik-package

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DataDome Traefik Plugin

Bot protection middleware for Traefik with DataDome. Detects and blocks automated threats, bots, and malicious traffic in real-time.

Installation

Prerequisites

Adding the Plugin

Add the DataDome plugin to your Traefik static configuration:

File (YAML)

experimental:
  plugins:
    datadome:
      moduleName: github.com/DataDome/module-traefik-package
      version: v1.0.0

File (TOML)

[experimental.plugins.datadome]
  moduleName = "github.com/DataDome/module-traefik-package"
  version = "v1.0.0"

CLI

--experimental.plugins.datadome.modulename=github.com/DataDome/module-traefik-package
--experimental.plugins.datadome.version=v1.0.0

Configuring the Middleware

After adding the plugin, configure it as a middleware in your dynamic configuration:

File (YAML)

http:
  middlewares:
    datadome-protection:
      plugin:
        datadome:
          serverSideKey: "YOUR_DATADOME_SERVER_SIDE_KEY"
          timeout: 300

File (TOML)

[http.middlewares]
  [http.middlewares.datadome-protection.plugin.datadome]
    serverSideKey = "YOUR_DATADOME_SERVER_SIDE_KEY"
    timeout = 300

Docker Labels

labels:
  - "traefik.http.middlewares.datadome-protection.plugin.datadome.serverSideKey=YOUR_DATADOME_SERVER_SIDE_KEY"
  - "traefik.http.middlewares.datadome-protection.plugin.datadome.timeout=300"

Applying the Middleware

Apply the middleware to your routes:

http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      middlewares:
        - datadome-protection

Important: Restart Traefik after adding or modifying plugins to load the changes.

Configuration

Field Type Required Default Description
serverSideKey string Yes - Your DataDome Server Side Key.
enableGraphQLSupport boolean No false Enables the support of GraphQL requests.
enableReferrerRestoration boolean No false Restores original referrer after a challenge is passed.
endpoint string No api.datadome.co Host of the Protection API.
maximumBodySize integer No 25 Kb Maximum request body size (in bytes) to analyze.
timeout integer No 150 Timeout in milliseconds, after which the request will be allowed.
urlPatternExclusion string No (?i)\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js|map|json)$ Regex to match to exclude requests from being processed with the Protection API. If not defined, all requests will be processed.
urlPatternInclusion string No - Regex to match to process the request with the Protection API. If not defined, all requests that don't match urlPatternExclusion will be processed.
useXForwardedHost boolean No false Use the X-Forwarded-Host header instead of the Host header when the application is behind a reverse proxy/load balancer.

Configuration Example

http:
  middlewares:
    datadome-protection:
      plugin:
        datadome:
          serverSideKey: "YOUR_DATADOME_SERVER_SIDE_KEY"
          timeout: 300
          enableGraphQLSupport: true
          useXForwardedHost: true

How It Works

The DataDome plugin acts as a middleware in your Traefik routing pipeline:

  1. Request Interception: All incoming HTTP requests pass through the DataDome middleware
  2. Bot Detection: DataDome analyzes request patterns, headers, and behavior in real-time
  3. Decision: The plugin receives a decision from DataDome's API (allow or block)
  4. Action: Blocked requests receive a challenge page or are denied; legitimate requests continue to your service

Documentation

See the documentation here

Support

Packages

No packages published

Contributors 2

  •  
  •  

Languages