Use Traefik and RegExp to bypass AdBlockers

Jan 10, 2022
Last update: Feb 20, 2022
~ 2 min

This will be a controversial one, so let me explain the motivations first.

I was using Matomo for collecting traffic metrics on different websites, however it’s kind of bloated for what I need to do. My goal is to get a grasp on viewership, without collecting personal data or any fancy analytics. I wanted to try out Umami as it seems simple and is privacy respecting first (including GDPR), without the need to tweak settings.

The problem was that my AdBlocker was not letting request through and since most of the people visiting this site will probably devs they surely have some AdBlocker installed.

FYI: All the data collected on this site are accessible and visible to anyone here.

Photo by 逸 韩 on Unsplash

The issue

Lets have a look at the typical Umami code:


The problem is that most block list have umami.js on it, which make measuring anonymous traffic impossible. Now blocklists are very static (for performance reasons) and therefore quite easy to circumnavigate.


What do you do when the street you are driving on is blocker? You take the detour.

The solution is not to use umami.js directly, but redirect it form another name. With traefik this is very easy using the ReplacePathRegex middleware. Let’s see how:

version: '3.8'

    external: true

      - default
      - proxy
      - traefik.enable=true
      - traefik.http.routers.umami.rule=Host(``)
      - traefik.http.routers.umami.entrypoints=secure
      - traefik.http.routers.umami.tls.certresolver=le
      - traefik.http.routers.umami.middlewares=umami-rewrite
      - traefik.http.middlewares.umami-rewrite.replacepathregex.regex=/unicorn.js
      - traefik.http.middlewares.umami-rewrite.replacepathregex.replacement=/umami.js

    image: postgres:12-alpine

We need to configure the regex and replacement parameters for the replacepathregex middleware. In my case I chose to use /unicorn.js and redirect it internally to /umami.js. This way the internal service is doing business as usual while ad blockers do not block the request.


As you can imagine this would enable far more nefarious use cases. You could also mask it as something like 23hf872.min.js or whatever. So use with caution and always keep in mind your users privacy and data!