diff --git a/.github/workflows/charts-test.yaml b/.github/workflows/charts-test.yaml index 08cc61568ea..64e6768a079 100644 --- a/.github/workflows/charts-test.yaml +++ b/.github/workflows/charts-test.yaml @@ -150,7 +150,7 @@ jobs: run: | ## TODO: Move to our Helm Charts ## TODO: Only add when required - if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then + if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest" fi if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then @@ -208,7 +208,7 @@ jobs: - name: Add Dependencies run: | - if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then + if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest" fi if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then @@ -266,7 +266,7 @@ jobs: - name: Add Dependencies run: | - if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then + if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest" fi if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then 
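Review bot: The `kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml ...` call under the new condition ends in `|| echo "error fetching metallb manifest"`, so a failed download or apply leaves the step green and the `metallb-config` chart is tested without its dependency. Now that the manifest is applied for exactly one chart, the step should fail instead, for example `|| { echo "error fetching metallb manifest"; exit 1; }`. The manifest is also fetched by tag and applied with `--force-conflicts` without any integrity check; a commit-pinned URL or a checksum comparison before the apply would make this CI input reproducible. The same lines recur in the hunks at -208, -266, -324 and -440, and the `run:` block continues outside each hunk.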
@@ -324,7 +324,7 @@ jobs: - name: Add Dependencies run: | - if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then + if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest" fi if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then @@ -382,7 +382,7 @@ jobs: - name: Add Dependencies run: | - if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then + if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then kubectl apply -f --server-side --force-conflicts https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml fi if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then @@ -440,7 +440,7 @@ jobs: - name: Add Dependencies run: | - if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then + if [[ "${{ matrix.chart }}" == "charts/operators/metallb-config" ]]; then kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest" fi if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then diff --git a/charts/enterprise/traefik/Chart.yaml b/charts/enterprise/traefik/Chart.yaml index f45c0488673..d8db1332407 100644 --- a/charts/enterprise/traefik/Chart.yaml +++ b/charts/enterprise/traefik/Chart.yaml @@ -23,7 +23,7 @@ sources: - https://github.com/traefik/traefik-helm-chart - https://traefik.io/ type: application -version: 19.1.0 +version: 20.0.0 annotations: truecharts.org/catagories: | - network diff --git a/charts/enterprise/traefik/questions.yaml b/charts/enterprise/traefik/questions.yaml index bdfb2413ec0..9ce5b7829d4 100644 --- a/charts/enterprise/traefik/questions.yaml 
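Review bot: In the hunk at -382 the flags sit between `-f` and its value (`kubectl apply -f --server-side --force-conflicts https://...`), so `-f` most likely takes `--server-side` as the filename and the URL becomes a stray positional argument. This job has no `|| echo` fallback, and with the new `== "charts/operators/metallb-config"` condition the broken command runs for that one chart only, which makes the failure easy to misread as a chart problem. Put the URL directly after `-f` as the other jobs do: `kubectl apply -f <manifest URL> --server-side --force-conflicts`. The line is unchanged context, but this commit changes when it executes.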
+++ b/charts/enterprise/traefik/questions.yaml @@ -198,6 +198,7 @@ questions: # Include{realIPMiddleware} # Include{geoBlockMiddleware} # Include{addPrefixMiddleware} +# Include{modsecurityMiddleware} - variable: service group: "Networking and Services" label: "Configure Service Entrypoint" diff --git a/charts/enterprise/traefik/templates/_portalhook.tpl b/charts/enterprise/traefik/templates/_portalhook.tpl index 242555bdc92..ec69a695ca6 100644 --- a/charts/enterprise/traefik/templates/_portalhook.tpl +++ b/charts/enterprise/traefik/templates/_portalhook.tpl @@ -10,7 +10,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ $name }} - namespace: tc-system data: {{- $ports := dict }} {{- range $.Values.service }} diff --git a/charts/enterprise/traefik/templates/middlewares/addPrefix.yaml b/charts/enterprise/traefik/templates/middlewares/addPrefix.yaml index cae53f113ea..47138233643 100644 --- a/charts/enterprise/traefik/templates/middlewares/addPrefix.yaml +++ b/charts/enterprise/traefik/templates/middlewares/addPrefix.yaml @@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: addPrefix: prefix: {{ $middlewareData.prefix }} diff --git a/charts/enterprise/traefik/templates/middlewares/basic-middleware.yaml b/charts/enterprise/traefik/templates/middlewares/basic-middleware.yaml index 108b99499d3..ef4671254ef 100644 --- a/charts/enterprise/traefik/templates/middlewares/basic-middleware.yaml +++ b/charts/enterprise/traefik/templates/middlewares/basic-middleware.yaml @@ -3,7 +3,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: compress: {} --- 
@@ -13,7 +13,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: rateLimit: average: 600 @@ -23,7 +23,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: headers: accessControlAllowMethods: @@ -48,7 +48,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: chain: middlewares: diff --git a/charts/enterprise/traefik/templates/middlewares/basicauth.yaml b/charts/enterprise/traefik/templates/middlewares/basicauth.yaml index dab1a486a62..1bbdc462b34 100644 --- a/charts/enterprise/traefik/templates/middlewares/basicauth.yaml +++ b/charts/enterprise/traefik/templates/middlewares/basicauth.yaml @@ -10,7 +10,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ printf "%v-%v" $middlewareData.name "secret" }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} type: Opaque stringData: users: | @@ -23,7 +23,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: basicAuth: secret: {{ printf "%v-%v" $middlewareData.name "secret" }} diff --git a/charts/enterprise/traefik/templates/middlewares/buffering.yaml b/charts/enterprise/traefik/templates/middlewares/buffering.yaml index eae1dad276d..bcefddb6179 100644 --- a/charts/enterprise/traefik/templates/middlewares/buffering.yaml 
+++ b/charts/enterprise/traefik/templates/middlewares/buffering.yaml @@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: buffering: {{/* Only render if its not and has a value of 0 or greater */}} {{- if not (kindIs "invalid" $middlewareData.maxRequestBodyBytes) (ge ($middlewareData.maxRequestBodyBytes | int) 0) }} diff --git a/charts/enterprise/traefik/templates/middlewares/chain.yaml b/charts/enterprise/traefik/templates/middlewares/chain.yaml index ec4c38100d7..17d8853fb05 100644 --- a/charts/enterprise/traefik/templates/middlewares/chain.yaml +++ b/charts/enterprise/traefik/templates/middlewares/chain.yaml @@ -1,7 +1,7 @@ {{- $values := .Values -}} -{{- $namespace := "tc-system" -}} +{{- $namespace := $.Release.Namespace -}} {{- if $.Values.ingressClass.enabled -}} - {{- $namespace := (printf "tc-system-%s" .Release.Name) -}} + {{- $namespace := (printf "%v-%v" $namespace .Release.Name) -}} {{- end -}} {{- range $index, $middlewareData := .Values.middlewares.chain }} @@ -11,7 +11,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: chain: middlewares: diff --git a/charts/enterprise/traefik/templates/middlewares/customFrameOptionsValue.yaml b/charts/enterprise/traefik/templates/middlewares/customFrameOptionsValue.yaml index 2931f1d1126..9b9f2b6606c 100644 --- a/charts/enterprise/traefik/templates/middlewares/customFrameOptionsValue.yaml +++ b/charts/enterprise/traefik/templates/middlewares/customFrameOptionsValue.yaml 
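Review bot: In chain.yaml the inner `{{- $namespace := (printf "%v-%v" $namespace .Release.Name) -}}` uses `:=`, which declares a new variable scoped to the `if` block, so after `{{- end -}}` the outer `$namespace` is still `$.Release.Namespace` regardless of `ingressClass.enabled`. If the suffixed value is meant to be used further down the template (not visible in this hunk), assign instead of redeclaring: `{{- $namespace = (printf "%v-%v" $namespace .Release.Name) -}}`. If nothing reads it, both declarations can be dropped, since the Middleware in the following hunk now takes `$.Release.Namespace` directly.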
@@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: headers: customFrameOptionsValue: {{ $middlewareData.value }} diff --git a/charts/enterprise/traefik/templates/middlewares/customRequestHeaders.yaml b/charts/enterprise/traefik/templates/middlewares/customRequestHeaders.yaml index e9c5b030fd6..3c43a131a1d 100644 --- a/charts/enterprise/traefik/templates/middlewares/customRequestHeaders.yaml +++ b/charts/enterprise/traefik/templates/middlewares/customRequestHeaders.yaml @@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: headers: customRequestHeaders: diff --git a/charts/enterprise/traefik/templates/middlewares/customResponseHeaders.yaml b/charts/enterprise/traefik/templates/middlewares/customResponseHeaders.yaml index c11e151a2d7..a75db8a3382 100644 --- a/charts/enterprise/traefik/templates/middlewares/customResponseHeaders.yaml +++ b/charts/enterprise/traefik/templates/middlewares/customResponseHeaders.yaml @@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: headers: customResponseHeaders: diff --git a/charts/enterprise/traefik/templates/middlewares/forwardauth.yaml b/charts/enterprise/traefik/templates/middlewares/forwardauth.yaml index 08ad72e5cca..787fa796823 100644 --- a/charts/enterprise/traefik/templates/middlewares/forwardauth.yaml +++ b/charts/enterprise/traefik/templates/middlewares/forwardauth.yaml 
@@ -4,7 +4,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: forwardAuth: address: {{ $middlewareData.address }} diff --git a/charts/enterprise/traefik/templates/middlewares/geoblock.yaml b/charts/enterprise/traefik/templates/middlewares/geoblock.yaml index ad78037f3cd..2a647778e56 100644 --- a/charts/enterprise/traefik/templates/middlewares/geoblock.yaml +++ b/charts/enterprise/traefik/templates/middlewares/geoblock.yaml @@ -4,7 +4,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: plugin: GeoBlock: diff --git a/charts/enterprise/traefik/templates/middlewares/ipwhitelist.yaml b/charts/enterprise/traefik/templates/middlewares/ipwhitelist.yaml index fcb7de882a7..fc876aca5fe 100644 --- a/charts/enterprise/traefik/templates/middlewares/ipwhitelist.yaml +++ b/charts/enterprise/traefik/templates/middlewares/ipwhitelist.yaml @@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: ipWhiteList: sourceRange: diff --git a/charts/enterprise/traefik/templates/middlewares/modsecurity.yaml b/charts/enterprise/traefik/templates/middlewares/modsecurity.yaml new file mode 100644 index 00000000000..07a8d5d358f --- /dev/null +++ b/charts/enterprise/traefik/templates/middlewares/modsecurity.yaml 
@@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.modsecurity }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + traefik-modsecurity-plugin: + modSecurityUrl: {{ $middlewareData.modSecurityUrl }} + timeoutMillis: {{ $middlewareData.timeoutMillis }} + maxBodySize: {{ $middlewareData.maxBodySize }} +{{- end -}} diff --git a/charts/enterprise/traefik/templates/middlewares/ratelimit.yaml b/charts/enterprise/traefik/templates/middlewares/ratelimit.yaml index d1ded79a7d7..cd9117633f6 100644 --- a/charts/enterprise/traefik/templates/middlewares/ratelimit.yaml +++ b/charts/enterprise/traefik/templates/middlewares/ratelimit.yaml @@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: rateLimit: average: {{ $middlewareData.average }} diff --git a/charts/enterprise/traefik/templates/middlewares/real-ip.yaml b/charts/enterprise/traefik/templates/middlewares/real-ip.yaml index a0383c239c5..2877d9ce7f7 100644 --- a/charts/enterprise/traefik/templates/middlewares/real-ip.yaml +++ b/charts/enterprise/traefik/templates/middlewares/real-ip.yaml @@ -4,7 +4,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: plugin: traefik-real-ip: diff --git a/charts/enterprise/traefik/templates/middlewares/redirectScheme.yaml b/charts/enterprise/traefik/templates/middlewares/redirectScheme.yaml index 21f45fa1ab4..09f3093998a 100644 
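Review bot: The three plugin values in the new modsecurity.yaml are rendered unquoted and unchecked, so a user-supplied `modSecurityUrl` containing `: `, ` #` or a line break alters the structure of the rendered Middleware, and an unset `timeoutMillis` or `maxBodySize` renders as an empty (null) value. Quote the URL the way redirectregex.yaml quotes its regex, `modSecurityUrl: {{ $middlewareData.modSecurityUrl | quote }}`, and coerce the numbers with `| int` or omit the key when the value is unset. Wrapping the URL in `required` would also prevent a WAF middleware from being created with no inspection endpoint behind it.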
--- a/charts/enterprise/traefik/templates/middlewares/redirectScheme.yaml +++ b/charts/enterprise/traefik/templates/middlewares/redirectScheme.yaml @@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: redirectScheme: scheme: {{ $middlewareData.scheme }} diff --git a/charts/enterprise/traefik/templates/middlewares/redirectregex.yaml b/charts/enterprise/traefik/templates/middlewares/redirectregex.yaml index ea6a64029a5..30f44f9081b 100644 --- a/charts/enterprise/traefik/templates/middlewares/redirectregex.yaml +++ b/charts/enterprise/traefik/templates/middlewares/redirectregex.yaml @@ -5,7 +5,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: redirectRegex: regex: {{ $middlewareData.regex | quote }} diff --git a/charts/enterprise/traefik/templates/middlewares/stripPrefixRegex.yaml b/charts/enterprise/traefik/templates/middlewares/stripPrefixRegex.yaml index 170f55df4e2..6fd4c8c9970 100644 --- a/charts/enterprise/traefik/templates/middlewares/stripPrefixRegex.yaml +++ b/charts/enterprise/traefik/templates/middlewares/stripPrefixRegex.yaml @@ -4,7 +4,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: stripPrefixRegex: regex: diff --git a/charts/enterprise/traefik/templates/middlewares/tc-chains.yaml b/charts/enterprise/traefik/templates/middlewares/tc-chains.yaml index 2548dc91521..5566d77c146 100644 
--- a/charts/enterprise/traefik/templates/middlewares/tc-chains.yaml +++ b/charts/enterprise/traefik/templates/middlewares/tc-chains.yaml @@ -3,7 +3,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: chain: middlewares: @@ -15,7 +15,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: chain: middlewares: diff --git a/charts/enterprise/traefik/templates/middlewares/tc-headers.yaml b/charts/enterprise/traefik/templates/middlewares/tc-headers.yaml index 437f49147e0..b0500afc708 100644 --- a/charts/enterprise/traefik/templates/middlewares/tc-headers.yaml +++ b/charts/enterprise/traefik/templates/middlewares/tc-headers.yaml @@ -3,7 +3,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: headers: accessControlAllowHeaders: @@ -33,7 +33,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: headers: accessControlAllowMethods: diff --git a/charts/enterprise/traefik/templates/middlewares/tc-nextcloud.yaml b/charts/enterprise/traefik/templates/middlewares/tc-nextcloud.yaml index 13547ff5166..fcb09becb98 100644 --- a/charts/enterprise/traefik/templates/middlewares/tc-nextcloud.yaml +++ b/charts/enterprise/traefik/templates/middlewares/tc-nextcloud.yaml 
@@ -3,7 +3,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: redirectRegex: regex: "https://(.*)/.well-known/(card|cal)dav" @@ -13,7 +13,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: chain: middlewares: diff --git a/charts/enterprise/traefik/templates/middlewares/theme-park.yaml b/charts/enterprise/traefik/templates/middlewares/theme-park.yaml index 103d53c314a..16abf2e2f34 100644 --- a/charts/enterprise/traefik/templates/middlewares/theme-park.yaml +++ b/charts/enterprise/traefik/templates/middlewares/theme-park.yaml @@ -4,7 +4,7 @@ apiVersion: traefik.io/v1alpha1 kind: Middleware metadata: name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} - namespace: tc-system + namespace: {{ $.Release.Namespace }} spec: plugin: traefik-themepark: diff --git a/charts/enterprise/traefik/values.yaml b/charts/enterprise/traefik/values.yaml index e60e9f75a86..c0e11042844 100644 --- a/charts/enterprise/traefik/values.yaml +++ b/charts/enterprise/traefik/values.yaml @@ -48,6 +48,9 @@ workload: podOptions: automountServiceAccountToken: true +operator: + register: true + # -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x ingressClass: # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 
@@ -421,6 +424,14 @@ middlewares: # blackListMode: false # countries: # - RU + modsecurity: [] + # - name: modsecurityName + # modSecurityUrl: modSecurity container URL + # timeoutMillis: Configurated timeout + # maxBodySize: maxBodySize + ## Note: body of every request will be buffered in memory while the request is in-flight + ## (i.e.: during the security check and during the request processing by traefik and the backend), + ## so you may want to tune maxBodySize depending on how much RAM you have. portalhook: enabled: true diff --git a/templates/questions/traefik/modsecurityMiddleware.yaml b/templates/questions/traefik/modsecurityMiddleware.yaml new file mode 100644 index 00000000000..e87a51f0b1e --- /dev/null +++ b/templates/questions/traefik/modsecurityMiddleware.yaml @@ -0,0 +1,41 @@ + - variable: modsecurity + label: modsecurity + schema: + type: list + default: [] + items: + - variable: modsecurityEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-modsecurity-plugin + schema: + type: string + required: true + default: "" + - variable: modSecurityUrl + label: ModSecurity Url + description: It's the URL for the owasp/modsecurity container. + schema: + type: string + required: true + default: "https://someurl" + - variable: timeoutMillis + label: timeout Millis + description: timeout in milliseconds for the http client to talk with modsecurity container. ( + schema: + type: int + required: true + default: 2 + - variable: maxBodySize + label: maxBody Size + description: it's the maximum limit for requests body size. Requests exceeding this value will be rejected using HTTP 413 Request Entity Too Large. Zero means "use default value". + schema: + type: int + required: true + default: 0
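Review bot: `timeoutMillis` defaults to `2` in the new modsecurityMiddleware.yaml, which gives the call to the ModSecurity container a 2 ms budget; the description is cut off at `(`, and it reads as though a 2-second default was intended. Depending on how the plugin treats a timeout, nearly every request would either be rejected or pass without inspection, so the default should probably be `default: 2000` with the description completed. `modSecurityUrl` also ships a placeholder, `default: "https://someurl"`, which satisfies `required: true` without the user entering anything; `default: ""` would force a real endpoint. The `name` description documents the plugin rather than the field and would fit better on the top-level `modsecurity` variable.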