diff --git a/docker-compose.emg.staging.yml b/docker-compose.emg.staging.yml
index 622e074dfbb5e438186cfc22753341df8d3cbb75..77865cf5e6800d0e0fa2f6063fc2919a6ea77182 100644
--- a/docker-compose.emg.staging.yml
+++ b/docker-compose.emg.staging.yml
@@ -25,16 +25,16 @@ services:
         - "traefik.http.routers.emg-renderer-redirect-shib.middlewares=redirect@file"
         - "traefik.http.routers.emg-renderer-redirect-shib.entrypoints=http"
         # router for internal proxy based access (https)
-        - "traefik.http.middlewares.emg-pass-whitelist.ipwhitelist.sourcerange=178.248.89.10"
+        - "traefik.http.middlewares.emg-renderer-proxy-wl.ipwhitelist.sourcerange=178.248.89.10"
         - "traefik.http.middlewares.emg-renderer-proxy-fa.forwardauth.address=http://shibauth-emg/proxy-renderer"
         - "traefik.http.routers.emg-renderer-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
-        - "traefik.http.routers.emg-renderer-proxy.middlewares=emg-pass-whitelist,emg-renderer-proxy-fa,compress@file,cors@file"
+        - "traefik.http.routers.emg-renderer-proxy.middlewares=emg-renderer-proxy-wl,emg-renderer-proxy-fa,compress@file,cors@file"
         - "traefik.http.routers.emg-renderer-proxy.tls=true"
         - "traefik.http.routers.emg-renderer-proxy.tls.certresolver=default"
         - "traefik.http.routers.emg-renderer-proxy.entrypoints=https"
         # router for internal proxy based access (http)
         - "traefik.http.routers.emg-renderer-redirect-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
-        - "traefik.http.routers.emg-renderer-redirect-proxy.middlewares=emg-pass-whitelist,redirect@file"
+        - "traefik.http.routers.emg-renderer-redirect-proxy.middlewares=emg-renderer-proxy-wl,redirect@file"
         - "traefik.http.routers.emg-renderer-redirect-proxy.entrypoints=http"
         # router for basic auth based access (https)
         - "traefik.http.routers.emg-renderer.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`) && PathPrefix(`/ows`, `/opensearch`, `/admin`)"
@@ -68,9 +68,9 @@ services:
         - "traefik.http.middlewares.cache-stripprefix.stripprefix.prefixes=/cache"
         # router for shib auth based access (https)
         - "traefik.http.routers.emg-cache-shib.rule=Host(`emg.pass.copernicus.eu`) && PathPrefix(`/cache`)"
-        - "traefik.http.routers.emg-cache-shib.middlewares=emg-cache-shib-chain"
         - "traefik.http.middlewares.emg-cache-shib-fa.forwardauth.address=http://shibauth-emg/secure"
         - "traefik.http.middlewares.emg-cache-shib-chain.chain.middlewares=emg-cache-shib-fa,cache-stripprefix,compress@file,cors@file"
+        - "traefik.http.routers.emg-cache-shib.middlewares=emg-cache-shib-chain"
         - "traefik.http.routers.emg-cache-shib.tls=true"
         - "traefik.http.routers.emg-cache-shib.tls.certresolver=default"
         - "traefik.http.routers.emg-cache-shib.entrypoints=https"
@@ -79,17 +79,17 @@ services:
         - "traefik.http.routers.emg-cache-redirect-shib.middlewares=redirect@file"
         - "traefik.http.routers.emg-cache-redirect-shib.entrypoints=http"
         # router for internal proxy based access (https)
-        - "traefik.http.middlewares.emg-pass-whitelist-cache.ipwhitelist.sourcerange=178.248.89.10"
+        - "traefik.http.middlewares.emg-cache-proxy-wl.ipwhitelist.sourcerange=178.248.89.10"
         - "traefik.http.routers.emg-cache-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/cache`)"
         - "traefik.http.middlewares.emg-cache-proxy-fa.forwardauth.address=http://shibauth-emg/proxy-cache"
-        - "traefik.http.routers.emg-cache-shib.middlewares=emg-cache-proxy-chain"
-        - "traefik.http.middlewares.emg-cache-proxy-chain.chain.middlewares=emg-pass-whitelist-cache,emg-cache-proxy-fa,cache-stripprefix,compress@file,cors@file"
+        - "traefik.http.routers.emg-cache-proxy.middlewares=emg-cache-proxy-chain"
+        - "traefik.http.middlewares.emg-cache-proxy-chain.chain.middlewares=emg-cache-proxy-wl,emg-cache-proxy-fa,cache-stripprefix,compress@file,cors@file"
         - "traefik.http.routers.emg-cache-proxy.tls=true"
         - "traefik.http.routers.emg-cache-proxy.tls.certresolver=default"
         - "traefik.http.routers.emg-cache-proxy.entrypoints=https"
         # router for internal proxy based access (http)
         - "traefik.http.routers.emg-cache-redirect-proxy.rule=Host(`proxy.emg.pass.copernicus.eu`) && PathPrefix(`/cache`)"
-        - "traefik.http.routers.emg-cache-redirect-proxy.middlewares=emg-pass-whitelist-cache,redirect@file"
+        - "traefik.http.routers.emg-cache-redirect-proxy.middlewares=emg-cache-proxy-wl,redirect@file"
         - "traefik.http.routers.emg-cache-redirect-proxy.entrypoints=http"
         # router for basic auth based access (https)
         - "traefik.http.routers.emg-cache.rule=Host(`emg.pdas.prism.eox.at`, `a.emg.pdas.prism.eox.at`, `b.emg.pdas.prism.eox.at`, `c.emg.pdas.prism.eox.at`, `d.emg.pdas.prism.eox.at`, `e.emg.pdas.prism.eox.at`, `f.emg.pdas.prism.eox.at`, `g.emg.pdas.prism.eox.at`, `h.emg.pdas.prism.eox.at`) && PathPrefix(`/cache`)"