Traefik

What is Traefik
Getting Started
Getting Started
- Concepts
- Quick Start
  Quick Start
  - Docker
  - Kubernetes
- Configuration Introduction
- Install Traefik
- Frequently Asked Questions
Configuration Discovery
Configuration Discovery
- Overview
- Docker
- Swarm
- Kubernetes IngressRoute
- Kubernetes Ingress
- Kubernetes Gateway API
- Consul Catalog
- Nomad
- ECS
- File
- Consul
- Etcd
- ZooKeeper
- Redis
- HTTP
Routing & Load Balancing
Routing & Load Balancing
- Overview
- EntryPoints
- Routers
- Services
- Providers
  Providers
HTTPS & TLS
HTTPS & TLS
- Overview
- TLS
- Let's Encrypt
- Tailscale
- SPIFFE
- OCSP
Middlewares
Middlewares
- Overview
- HTTP
  HTTP
  - Overview
  - AddPrefix
  - BasicAuth
  - Buffering
  - Chain
  - CircuitBreaker
  - Compress
  - ContentType
  - DigestAuth
  - Errors
  - ForwardAuth
  - GrpcWeb
  - Headers
  - IPWhiteList
  - IPAllowList
  - InFlightReq
  - PassTLSClientCert
  - RateLimit
  - RedirectRegex
  - RedirectScheme
  - ReplacePath
  - ReplacePathRegex
  - Retry
  - StripPrefix
  - StripPrefixRegex
- TCP
  TCP
Plugins & Plugin Catalog
Operations
Operations
- CLI
- Dashboard
- API
- Ping
Observability
Observability
- Overview
- Logs
- Access Logs
- Metrics
  Metrics
  - Overview
  - Datadog
  - InfluxDB2
  - OpenTelemetry
  - Prometheus
  - StatsD
- Tracing
  Tracing
  - Overview
  - OpenTelemetry
Security
Security
- Content-Length
- TLS in Multi-Tenant Kubernetes
User Guides
User Guides
- FastProxy
- Kubernetes and Let's Encrypt
- Kubernetes and cert-manager
- gRPC Examples
- WebSocket Examples
- Docker
  Docker
  - Basic Example
  - HTTPS with Let's Encrypt
    HTTPS with Let's Encrypt
    
    TLS Challenge
    
    HTTP Challenge
    
    DNS Challenge
Migration
Migration
- Traefik v3 minor migrations
- Traefik v2 to v3
  Traefik v2 to v3
  - Migration guide
  - Configuration changes for v3
- Traefik v2 minor migrations
- Traefik v1 to v2
Contributing
Contributing
Reference
Reference
- Install Configuration
  Install Configuration
  - Boot Environment
  - Configuration Discovery
    Configuration Discovery
    
    Overview
    
    Kubernetes
    Kubernetes
    
    Kubernetes Gateway API
    
    Kubernetes CRD
    
    Kubernetes Ingress
    
    Docker
    
    Swarm
    
    Hashicorp
    Hashicorp
    
    Nomad
    
    Consul
    
    Consul Catalog
    
    KV Stores
    KV Stores
    
    Redis
    
    Consul
    
    etcd
    
    ZooKeeper
    
    Others
    Others
    
    File
    
    ECS
    
    HTTP
  - EntryPoints
  - API & Dashboard
  - TLS
    TLS
    
    Certificate Resolvers
    Certificate Resolvers
    
    Overview
    
    ACME
    
    Tailscale
    
    SPIFFE
    
    OCSP
  - Observability
    Observability
    
    Metrics
    
    Tracing
    
    Logs & AccessLogs
    
    Health Check (CLI & Ping)
- Routing Configuration
  Routing Configuration
  - General
    General
    
    Configuration Methods
    
    HTTP
    HTTP
    
    Router
    Router
    
    Rules & Priority
    
    Observability
    
    Load Balancing
    Load Balancing
    
    Service
    
    ServersTransport
    
    TLS
    TLS
    
    Overview
    
    TLS Certificates
    
    TLS Options
    
    Middlewares
    Middlewares
    
    Overview
    
    AddPrefix
    
    BasicAuth
    
    Buffering
    
    Chain
    
    Circuit Breaker
    
    Compress
    
    ContentType
    
    DigestAuth
    
    Errors
    
    ForwardAuth
    
    GrpcWeb
    
    Headers
    
    IPAllowList
    
    InFlightReq
    
    PassTLSClientCert
    
    RateLimit
    
    RedirectRegex
    
    RedirectScheme
    
    ReplacePath
    
    ReplacePathRegex
    
    Retry
    
    StripPrefix
    
    StripPrefixRegex
    
    TCP
    TCP
    
    Router
    Router
    
    Rules & Priority
    
    Service
    
    ServersTransport
    
    TLS
    
    Middlewares
    Middlewares
    
    Overview
    
    InFlightConn
    
    IPAllowList
    
    UDP
    UDP
    
    Router
    Router
    
    Rules & Priority
    
    Service
  - Kubernetes
    Kubernetes
    
    Gateway API
    
    Kubernetes CRD
    Kubernetes CRD
    
    HTTP
    HTTP
    
    IngressRoute
    
    TraefikService
    
    ServersTransport
    
    Middleware
    
    TLSOption
    
    TLSStore
    
    TCP
    TCP
    
    IngressRouteTCP
    
    ServersTransportTCP
    
    MiddlewareTCP
    
    TLSOption
    
    TLSStore
    
    UDP
    UDP
    
    IngressRouteUDP
    
    Ingress
  - Label & Tag Providers
    Label & Tag Providers
    
    Docker
    
    Swarm
    
    Consul Catalog
    
    Nomad
    
    ECS
    
    KV
Deprecation Notices
Deprecation Notices
- Releases
- Features

Content-Length

Traefik acts as a streaming proxy. By default, it checks each chunk of data against the Content-Length header as it passes it on to the backend or client. This live check blocks truncated or over‑long streams without holding the entire message.

If you need Traefik to read and verify the full body before any data moves on, add the buffering middleware:

http:
  middlewares:
    buffer-and-validate:
      buffering: {}

With buffering enabled, Traefik will:

Read the entire request or response into memory.
Compare the actual byte count to the Content-Length header.
Reject the message if the counts do not match.

Warning

Buffering adds overhead. Every request and response is held in full before forwarding, which can increase memory use and latency. Use it when strict content validation is critical to your security posture.