OK, I figured it out. It’s really dumb…
[providers]
[providers.consulCatalog]
prefix = "traefik"
exposedByDefault = true
connectAware = true
connectByDefault = true
defaultRule = "Host(`{{ normalize .Name }}.service.consul`)"
servicename = "traefik-http" # <-- this needs to match with how the service is registered inside consul!
#watch = true
servicename inside your consul catalog definition MUST MATCH with how the service is registered in Consul.
E.g. mine is registered as traefik-http. So, I need to configure servicename = "traefik-http".
Now, when setting default-deny, but allowing traefik-http, I’m able to browse!
