The Traefik module is a middleware plugin using our Go integration.

Prerequisites

Traefik v2.3+

The server-side key available in your DataDome dashboard

Installation

Adding the Plugin

Add the DataDome plugin to your Traefik static configuration:

experimental:
  plugins:
    datadome:
      moduleName: github.com/DataDome/module-traefik-package
      version: v1.0.0

[experimental.plugins.datadome]
  moduleName = "github.com/DataDome/module-traefik-package"
  version = "v1.0.0"

--experimental.plugins.datadome.modulename=github.com/DataDome/module-traefik-package
--experimental.plugins.datadome.version=v1.0.0

Configuring the Middleware

After adding the plugin, configure it as a middleware in your dynamic configuration:

http:
  middlewares:
    datadome-protection:
      plugin:
        datadome:
          serverSideKey: "YOUR_DATADOME_SERVER_SIDE_KEY" # Replace by your server-side key

[http.middlewares]
  [http.middlewares.datadome-protection.plugin.datadome]
    serverSideKey = "YOUR_DATADOME_SERVER_SIDE_KEY" # Replace by your server-side key

labels:
  - "traefik.http.middlewares.datadome-protection.plugin.datadome.serverSideKey=YOUR_DATADOME_SERVER_SIDE_KEY"  # Replace by your server-side key

Applying the Middleware

Apply the middleware to your routes:

http:
  routers:
    my-router:
      rule: "Host(`example.com`)"
      service: my-service
      middlewares:
        - datadome-protection

Important: Restart Traefik after adding or modifying plugins to load the changes.

Configuration

Field	Type	Required	Description	Default
`serverSideKey`	string	Yes	Your DataDome Server Side Key.	-
`enableGraphQLSupport`	boolean	No	Enables the support of GraphQL requests.	`false`
`enableReferrerRestoration`	boolean	No	Restores original referrer after a challenge is passed.	`false`
`endpoint`	string	No	Host of the Protection API.	`api.datadome.co`
`maximumBodySize`	integer	No	Maximum request body size (in bytes) to analyze.	25 Kb
`timeout`	integer	No	Timeout in milliseconds, after which the request will be allowed.	`150`
`urlPatternExclusion`	string	No	Regex to match to exclude requests from being processed with the Protection API. If not defined, all requests will be processed.	`(?i)\.(avi\|flv\|mka\|mkv\|mov\|mp4\|mpeg\|mpg\|mp3\|flac\|ogg\|ogm\|opus\|wav\|webm\|webp\|bmp\|gif\|ico\|jpeg\|jpg\|png\|svg\|svgz\|swf\|eot\|otf\|ttf\|woff\|woff2\|css\|less\|js\|map\|json)$`
`urlPatternInclusion`	string	No	Regex to match to process the request with the Protection API. If not defined, all requests that don't match `urlPatternExclusion` will be processed.	-
`useXForwardedHost`	boolean	No	Use the `X-Forwarded-Host` header instead of the `Host` header when the application is behind a reverse proxy/load balancer.	`false`

Find below an example of configuration:

http:
  middlewares:
    datadome-protection:
      plugin:
        datadome:
          serverSideKey: "YOUR_DATADOME_SERVER_SIDE_KEY"
          timeout: 300
          enableGraphQLSupport: true
          useXForwardedHost: true