diff --git a/1. docker-stacks/traefik/data/rules/middlewares.yml b/1. docker-stacks/traefik/data/rules/middlewares.yml
new file mode 100644
index 0000000..f8f4f52
--- /dev/null
+++ b/1. docker-stacks/traefik/data/rules/middlewares.yml	
@@ -0,0 +1,20 @@
+http:
+  middlewares:
+    # 1. Authentik Middleware (De Poortwachter)
+    authentik:
+      forwardAuth:
+        # Dit verwijst naar de Authentik Server container intern
+        address: "http://authentik-server-1:9000/outpost.goauthentik.io/auth/traefik"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - "X-authentik-username"
+          - "X-authentik-groups"
+          - "X-authentik-email"
+          - "X-authentik-name"
+          - "X-authentik-uid"
+          - "X-authentik-jwt"
+          - "X-authentik-meta-jwks"
+          - "X-authentik-meta-outpost"
+          - "X-authentik-meta-provider"
+          - "X-authentik-meta-app"
+          - "X-authentik-meta-version"
\ No newline at end of file
diff --git a/1. docker-stacks/traefik/docker-compose.yml b/1. docker-stacks/traefik/docker-compose.yml
index 5ea8c61..4aad5fa 100644
--- a/1. docker-stacks/traefik/docker-compose.yml	
+++ b/1. docker-stacks/traefik/docker-compose.yml	
@@ -26,6 +26,7 @@ services:
       - "traefik.http.routers.traefik.rule=Host(`traefik.stackbabber.nl`)"
       - "traefik.http.routers.traefik.entrypoints=web"
       - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.middlewares=authentik@file"
 
 networks:
   proxy: