Skip to content

New: Microsoft Sentinel TAXII integration is in technical preview.Read the integration guide

Simple Setup

This guide covers setting up the ELLIO Traefik Middleware Plugin on a standalone Traefik deployment - the most common setup where Traefik runs as the primary reverse proxy.

  • Docker and Docker Compose (recommended) or standalone Traefik installation
  • Bootstrap token from your custom EDL configured for “Traefik Middleware”

Configure Traefik to load the ELLIO plugin and create middleware instances.

traefik.yml
api:
dashboard: true
insecure: true # Set to false in production
entryPoints:
web:
address: :80
websecure:
address: :443
providers:
docker:
endpoint: unix:///var/run/docker.sock
exposedByDefault: false
file:
filename: /etc/traefik/dynamic.yml
watch: true
# ELLIO Plugin Configuration
experimental:
plugins:
ellio:
moduleName: github.com/ELLIO-Technology/ELLIO-Traefik-Middleware-Plugin
version: v1.0.2
log:
level: INFO
accessLog: {}
dynamic.yml
http:
middlewares:
# ELLIO EDL Middleware
ellio-edl:
plugin:
ellio:
bootstrapToken: "YOUR_ELLIO_BOOTSTRAP_TOKEN"
logLevel: "info"
ipStrategy: "direct" # Change based on your setup
routers:
# Protected application
protected-app:
rule: "Host(`app.example.com`)"
service: my-app
middlewares:
- ellio-edl
entryPoints:
- web
# Dashboard (secure in production)
api:
rule: "Host(`traefik.example.com`)"
service: api@internal
entryPoints:
- web
services:
my-app:
loadBalancer:
servers:
- url: "http://192.168.1.100:8080"
docker-compose.yml
services:
traefik:
image: traefik:v3.2
container_name: traefik
restart: unless-stopped
ports:
- "80:80"
- "443:443"
- "8080:8080" # Dashboard - secure in production
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml:ro
- ./dynamic.yml:/etc/traefik/dynamic.yml:ro
networks:
- web
# Example backend service
whoami:
image: traefik/whoami
container_name: whoami
networks:
- web
labels:
- "traefik.enable=false" # Using file provider
networks:
web:
driver: bridge
Terminal window
# Start services
docker-compose up -d
# View logs
docker-compose logs -f traefik
Terminal window
# Check Traefik logs for ELLIO plugin initialization
docker logs traefik 2>&1 | grep -i ellio
# Should show messages like:
# Initializing ELLIO middleware for deployment: YOUR_DEPLOYMENT_ID

Once the plugin is active, blocked requests appear in your ELLIO platform dashboard:

Blocked requests in the ELLIO platform

Terminal window
# 1. Add your current IP to blocklist in ELLIO platform
# 2. Wait for EDL refresh (check your EDL update frequency)
# Test from blocked IP (should get 403)
curl -H "Host: app.example.com" http://localhost/
# Expected: 403 Forbidden
# Test from different IP or remove from blocklist
# Expected: Normal response

Choose the IP extraction strategy that matches your topology:

# Use when Traefik receives direct client connections
middlewares:
ellio-edl:
plugin:
ellio:
bootstrapToken: "YOUR_ELLIO_BOOTSTRAP_TOKEN"
ipStrategy: "direct"