diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index df69605..d3693f5 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -44,7 +44,25 @@ authentication_backend:
 # Access Control
 #########################################################
 access_control:
-  default_policy: bypass
+  default_policy: deny
+  rules:
+    - domain: "auth.gate.3launchpad.com"
+      policy: bypass
+      
+    - domain: "status.gate.3launchpad.com"
+      policy: bypass
+
+    - domain: "traefik.gate.3launchpad.com"
+      policy: bypass
+
+    - domain: "portainer.gate.3launchpad.com"
+      policy: bypass
+
+    - domain_regex: "(grafana|prometheus|umami)\\.gate\\.3launchpad\\.com"
+      policy: bypass
+
+    - domain: "*.gate.3launchpad.com"
+      policy: bypass
       policy: one_factor
 
 #########################################################
diff --git a/docker-compose.yml b/docker-compose.yml
index 730dfdd..1ef0924 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -106,7 +106,7 @@ services:
       - traefik.http.routers.traefik.entrypoints=websecure
       - traefik.http.routers.traefik.tls.certresolver=le
       - traefik.http.routers.traefik.service=api@internal
-      - traefik.http.routers.traefik.middlewares=crowdsec-plugin,authelia,security-headers
+      - traefik.http.routers.traefik.middlewares=crowdsec-plugin,security-headers
 
   ## ─────────────────────────────────────────────
   ## Portainer — Docker control plane