diff --git a/traefik/templates/middleware-chain.yaml b/traefik/templates/middleware-chain.yaml
new file mode 100644
index 0000000..dd966a0
--- /dev/null
+++ b/traefik/templates/middleware-chain.yaml
@@ -0,0 +1,9 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: internal-only
+spec:
+  chain:
+    middlewares:
+      - name: traefik-real-ip
+      - name: whitelist
diff --git a/traefik/templates/middlewares.yaml b/traefik/templates/middlewares.yaml
index aaf45ab..e512223 100644
--- a/traefik/templates/middlewares.yaml
+++ b/traefik/templates/middlewares.yaml
@@ -20,15 +20,31 @@ spec:
       - X-authentik-meta-app
       - X-authentik-meta-version
 
+
 ---
 
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
   name: whitelist
-  namespace: traefik
 spec:
   ipWhiteList:
     sourceRange:
-      - 192.168.20.1/32      
+      - 192.168.10.1/32
+      - 192.168.30.1/24
       - 10.0.0.0/8
+    ipStrategy:
+      depth: 1
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: traefik-real-ip
+spec:
+  plugin:
+    traefik-real-ip:
+      excludednets:
+        - "1.1.1.1/24"
+