From 048888429f5f050f3469ad273e753aeef43e71cb Mon Sep 17 00:00:00 2001
From: Mohmmed Elfateh Sabry <59346303+elfateh4@users.noreply.github.com>
Date: Mon, 11 Aug 2025 02:24:45 +0300
Subject: [PATCH] Update access control policy in Authelia configuration and
 modify Traefik middleware settings

---
 authelia/configuration.yml | 20 +++++++++++++++++++-
 docker-compose.yml         |  2 +-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index df69605..d3693f5 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -44,7 +44,25 @@ authentication_backend:
 # Access Control
 #########################################################
 access_control:
-  default_policy: bypass
+  default_policy: deny
+  rules:
+    - domain: "auth.gate.3launchpad.com"
+      policy: bypass
+      
+    - domain: "status.gate.3launchpad.com"
+      policy: bypass
+
+    - domain: "traefik.gate.3launchpad.com"
+      policy: bypass
+
+    - domain: "portainer.gate.3launchpad.com"
+      policy: bypass
+
+    - domain_regex: "(grafana|prometheus|umami)\\.gate\\.3launchpad\\.com"
+      policy: bypass
+
+    - domain: "*.gate.3launchpad.com"
+      policy: bypass
       policy: one_factor
 
 #########################################################
diff --git a/docker-compose.yml b/docker-compose.yml
index 730dfdd..1ef0924 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -106,7 +106,7 @@ services:
       - traefik.http.routers.traefik.entrypoints=websecure
       - traefik.http.routers.traefik.tls.certresolver=le
       - traefik.http.routers.traefik.service=api@internal
-      - traefik.http.routers.traefik.middlewares=crowdsec-plugin,authelia,security-headers
+      - traefik.http.routers.traefik.middlewares=crowdsec-plugin,security-headers
 
   ## ─────────────────────────────────────────────
   ## Portainer — Docker control plane