Open bombaata opened 1 year ago
Hey there @home-assistant/core, mind taking a look at this issue as it has been labeled with an integration (http
) you are listed as a code owner for? Thanks!
(message by CodeOwnersMention)
http documentation http source (message by IssueLinks)
I have a similar issue here. I can log to Home Assistant from any of my Mac computers except one.
HA Core version: 2023.8.1 running in a Docker container on a Synology NAS.
This is the error I am getting and the "ip_bans.yaml"' file is empty.
Login attempt or request with invalid authentication from 172.17.0.1 (172.17.0.1). Requested URL: '/auth/login_flow/7f14743d13e199d3372abf9ac74fbb63'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15)
Login attempt or request with invalid authentication from 172.17.0.1 (172.17.0.1). Requested URL: '/auth/login_flow/452ec79f148be3ec0cca6781cbb0071a'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15)
Hi, here the same issue. I think the error occours when i entry or leave home and is dependend from a bad WLAN signal strength in that moment when the App want access the ha-instance. I have that issue with Android 9 and 13 devices. Furthermore i think the issue exist since a long time. Today i am on: Home Assistant 2023.8.4 Supervisor 2023.08.3 Operating System 10.5 installed as VM on proxmox.
Logger: homeassistant.components.http.banhomeassistant.components.http.ban Source: components/http/ban.py:80 Integration: HTTP (documentation, issues) First occurred: 18:29:08 (5 occurrences) Last logged: 18:29:57
Login attempt or request with invalid authentication from xxxxxxxxxxxx
Best regards Tobi
Same problem here, also being triggered by devices on Android 13 - not seeing it occur from any other devices so far.
Logger: homeassistant.components.http.ban Source: components/http/ban.py:80 Integration: HTTP (documentation, issues) First occurred: 11:32:52 AM (14 occurrences) Last logged: 11:44:57 AM
I got same error and resolve with the following configurations.
I'm using nginx-proxy-manager for the container api routing. Here is my advanced configuration for this tool.
location / {
proxy_pass http://10.0.0.5:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
}
Here is my configuration.yml
http:
cors_allowed_origins:
- https://public.domain.tld # my public domain
use_x_forwarded_for: true
trusted_proxies:
- 10.0.0.3 # nginx proxy manager internal IP adress
Setting -> System -> Network settings
I hope it will help to you.
I have the same issue. Here is the config and the error:
http:
use_x_forwarded_for: true
trusted_proxies:
- 10.19.8.4
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/core/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 16:09:46 (5 occurrences)
Last logged: 16:14:43
Login attempt or request with invalid authentication from 10.19.8.1 (10.19.8.1). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.188)
Login attempt or request with invalid authentication from 10.19.8.1 (10.19.8.1). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36)
What is the 10.19.8.1? Is it your gateway or proxy IP address? If yes I thing it could be added to the trusted_proxies.
@ademalidurmus it is my IP address, the one that I am trying to access HA from.
I think i have solved the Error for me: Since i have set Up the Feature for permanent Link to my HA Server in the Android App (Android 13 device), there ist no error anymore in notification and Log. Hope that Help for you, too. Best regards Tobi
@ademalidurmus it is my IP address, the one that I am trying to access HA from.
@ivanovd can you try to add your IP address to the trusted_proxies? After configuration update pls restart HA.
@ademalidurmus it is my IP address, the one that I am trying to access HA from.
@ivanovd can you try to add your IP address to the trusted_proxies? After configuration update pls restart HA.
I think it could only help for the moment, until the device get a new puplic-IP from provider/ap. Or i'm wrong? Best regards Tobi
I think it could only help for the moment, until the device get a new puplic-IP from provider/ap. Or i'm wrong?
Yes, you are right, but this is an internal IP address, and if it can be configured manually instead of using DHCP, it will resolve. Let's wait for @ivanovd's response to understand if it will resolve the problem temporarily or permanently.
@Tobi9111 @ademalidurmus , it is an internal IP (10.19.8.1). I have added it to the trusted proxies list:
http:
use_x_forwarded_for: true
trusted_proxies:
- 10.19.8.4
- 10.19.8.1
However, I am still getting the same error:
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP (documentation, issues)
First occurred: 15:16:28 (6 occurrences)
Last logged: 15:19:08
Login attempt or request with invalid authentication from 10.19.8.1 (10.19.8.1). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.188)
I have also installed and set up nginx proxy manager and added the host there with the following parameters:
Still no go ...
@ivanovd
location / {
proxy_pass http://10.19.9.116:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
}
http:
cors_allowed_origins:
- https://wc.dreamix.eu
use_x_forwarded_for: true
trusted_proxies:
- 10.19.8.4
- 10.19.8.1
@ademalidurmus yes, however, since it is an internal test instance, it will not be accessible from outside of the local network, therefore, I didn't force https and won't be forcing it. Here are all the settings that I have set and tried so far:
proxy_redirect http:// https://; was removed
I haven't accessed the instance from the mobile app yet and don't have it set up
I am still getting the same error:
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP (documentation, issues)
First occurred: 15:43:46 (5 occurrences)
Last logged: 15:49:50
Login attempt or request with invalid authentication from 10.19.7.5 (10.19.7.5). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 Edg/116.0.1938.69)
First of all, I'm trying to understand. If you are testing with your local environment and your mobile phone is already connected to your local network, why you are trying to connect over nginxproxy? (maybe your subnet is different, you want to isolate your network from the HA, it's possible, anyway)
Could you please change this configuration to like same as below?
After that, you should configure your mobile app with your HA address like this http://10.19.9.116:8123 for the local connections. If you are already connected to your home wifi you can try to use http://10.19.9.116:8123 instead of FQDN.
I have similar issue with small screen panels logging into HA over wallpanel app. When I manually login (with login saved ticked) it works. But each time after rebooting the panels system (android) I need to login to HA again. The webview component and wallpanel app are updated. Not sure what else I can do to have login details saved. Any ideas?
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/core/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: October 1, 2023 at 05:55:01 (4 occurrences)
Last logged: 06:54:01
Login attempt or request with invalid authentication from 192.168.1.211 (192.168.1.211). Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 8.1.0; px30_evb Build/OPM8.190605.003; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/117.0.0.0 Mobile Safari/537.36)
Login attempt or request with invalid authentication from 192.168.1.182 (192.168.1.182). Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 8.1.0; px30_evb Build/OPM8.190605.003; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/117.0.0.0 Mobile Safari/537.36)
@ademalidurmus I am trying to access the instance via URL in the internal network, and there is a record added to the local DNS server that redirects wc.dreamix.eu to 10.19.9.116, however that still doesn't work.
@denisivanovdreamix as I understand from your previous comments; the 10.19.9.116 is your HA host IP address. If you added a record to your local DNS server for redirecting wc.dreamix.eu to 10.19.9.116 it means when you access the wc.dreamix.eu will try to access the HA IP address. Bur the HA serving web UI from the 8123 port. So If you want to access with the domain name you should add a record for wc.dreamix.eu to your local proxy IP (your proxy will handle your request and will open your HA), or you can access wc.dreamix.eu:8123 from your local network.
BTW, I can access your HA.
Hi, I'm a new home assistant user and I faced same issue as uros76 posted recenty. In my case issue was http.ban error saying '/api/websocket/' invalid authentication on every single login. I used my web browser and HA in my local network (kvm virtual machine with forwarded port 8123). So I figured out for me it was caused by Adblock browser plugin. Looks like it blocked some HA scripts for some reason and caused this behavior. As soon as I turned Adblock off for HA page - all started working just fine. If you are using ad blocking in your network (dns based or browser plugin or some sort of general firewall/software) - try to whitelist HA. Hope this helps.
Same issue here, but not using a reverse proxy. I unchecked "Can only log in from the local network" in HA Settings-People, logged out from HA local server and HA cloud, logged in again and re-entered the connection info in Settings - Companion App - Server (HA cloud URL, Wifi SSID and HA internal URL). Perhaps the "Can only log in from the local network" setting in HA Settings-People prevented access after switching from WLAN to mobile network and would then also cause the access token related warnings in the HA log. Not sure if this assumption is correct, but it appears to work for the time being.
I'm also seeing this error. Not sure exactly when it started or why. My phone (where the error is coming from) only has the nabu casa URL configured in it.
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:129
Integration: HTTP (documentation, issues)
First occurred: 6:13:07 AM (1 occurrences)
Last logged: 6:13:07 AM
Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/api/websocket'. (Home Assistant/2023.10.2-11484 (Android 14; SM-S918U))
I just started having this issues when I signed up for nabu casa and started using the nabu casa link to access from android devices... very odd. It seems to only be 1 of my android device's doing it, I have removed / reinstalled and all and no fix, goes away mostly when that one device is offline (it does still occasionally happen on the other devices but not as consistently).
I have to keep removing 127.0.0.1 from my ip ban list because it get's blocked.. with that device on it happens multiple times a day, with it off about once a week. Which then prevents access via nabu casa.
I seem to be having the same issue.
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/home-assistant/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 7:40:43 PM (6 occurrences)
Last logged: 7:45:23 PM
Login attempt or request with invalid authentication from pfsense.MYDOMAIN.com (192.168.1.2). Requested URL: '/auth/login_flow/75550043510a4bb4a9ede8fcee143a83'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0)
I've been having this issue from firefox on MacOS. I changed to Safari and it was letting me log on. But just now I was kicked out of my Safari session as soon as it logged me in successfully. So I tried Chrome and it let me in. I only access HA from inside my local network.
I use pfSense as my firewall and have full domain certificates for all my services including HA. There are no issues with any certificates and all of my other services work fine including nextcloud, unifi controller etc. I have HA running in Proxmox, which also has a valid certificate. I do use uMatrix on firefox but not on Safari so that is not the issue. I do use pfBlocker on pfSense however looking through the logs there is nothing related to HA.
I have not had any issues with the mobile app, so far. I am using iOS.
I tried deleting the access tokens in case that was causing the issue but still no joy.
So this issue is not limited to some mobile implementation. This issue seems to be due to the http.ban
component in some way. Happy to provide more info if it would be helpful.
I am also receiving this with the cao-tag-manager/wirelesstag integration. Any further insight would be appreciated. It appears to be working, but I keep getting this warning. Configuration does not mention anything about using ip_ban_enabled or other setting. Appreciate any further insight anyone might have.
Log warning below:
Logger: homeassistant.components.http.ban Source: components/http/ban.py:129 Integration: HTTP (documentation, issues) First occurred: 1:20:55 PM (15 occurrences) Last logged: 1:33:50 PM
Login attempt or request with invalid authentication from cao-tag-manager (192.168.8.36). Requested URL: '/api/events/wirelesstag_update_tags'. (None)
I also have this issue every day. Any idea what will cause it? Passwords are okay, i can log in with both phones, i have reinstalled apps.
Logger: homeassistant.components.http.ban Source: components/http/ban.py:129 Integration: HTTP (documentation, issues) First occurred: 27. tammikuuta 2024 klo 21.52.36 (2 occurrences) Last logged: 07.17.59
Login attempt or request with invalid authentication from 192.168.100.100 (192.168.100.100). Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 14; CPH2415 Build/UKQ1.230924.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.230 Mobile Safari/537.36 Home Assistant/2023.12.4-11898 (Android 14; CPH2415))
Login attempt or request with invalid authentication from 192.168.100.101 (192.168.100.101). Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 13; KB2003 Build/RKQ1.211119.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.231 Mobile Safari/537.36 Home Assistant/2023.12.4-11898 (Android 13; KB2003))
I just realised - In my case, it was the host device itself (unless I've misunderstood the error). What could cause the localhost itself to trigger this error? In the details it mentions another Android device too but that's why I'm confused about it. I can access it just fine though, from all my devices.
Same problem here, also being triggered by devices on Android 13 - not seeing it occur from any other devices so far.
Logger: homeassistant.components.http.ban Source: components/http/ban.py:80 Integration: HTTP (documentation, issues) First occurred: 11:32:52 AM (14 occurrences) Last logged: 11:44:57 AM
- Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (Home Assistant/2023.8.2-10992 (Android 13; Pixel 6a))
- Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 13; Pixel 6a Build/TQ3A.230805.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/116.0.0.0 Mobile Safari/537.36 Home Assistant/2023.8.2-10992 (Android 13; Pixel 6a))
This just start happening to me recently, with the companion apps both on Android and IOs. I removed the app from my Android phone and deleted its entry in the Mobile App integration and it connected properly. Now, with no other changes, it is failing again.
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:129
Integration: HTTP (documentation, issues)
First occurred: 2:18:06 PM (4 occurrences)
Last logged: 2:24:32 PM
Login attempt or request with invalid authentication from 10.0.0.23 (10.0.0.23). Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 14; Pixel 7 Build/UQ1A.240105.004; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.230 Mobile Safari/537.36 Home Assistant/2024.1.5-12102 (Android 14; Pixel 7))
I do not have any banning set up.
I got same error and resolve with the following configurations.
I'm using nginx-proxy-manager for the container api routing. Here is my advanced configuration for this tool.
location / { proxy_pass http://10.0.0.5:8123; proxy_set_header Host $host; proxy_redirect http:// https://; proxy_set_header Authorization $http_authorization; proxy_pass_header Authorization; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection “upgrade”; }
- Here is my configuration.yml
http: cors_allowed_origins: - https://public.domain.tld # my public domain use_x_forwarded_for: true trusted_proxies: - 10.0.0.3 # nginx proxy manager internal IP adress
- Setting -> System -> Network settings
I hope it will help to you.
Hello. I use this and the problems with the logs are solved. But apears other problem. I use HAOS with the nginx in addon, and other addons like studio code server, zigbee2mqtt, and other. I iuse your configuration in nginx and with the cors line in confing. I cant see the web inferface of this addons. not apears by the domain, but apears by the local ip of the HAOS.
can i modify some to works?
I got same error and resolve with the following configurations.
I'm using nginx-proxy-manager for the container api routing. Here is my advanced configuration for this tool.
location / { proxy_pass http://10.0.0.5:8123; proxy_set_header Host $host; proxy_redirect http:// https://; proxy_set_header Authorization $http_authorization; proxy_pass_header Authorization; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection “upgrade”; }
- Here is my configuration.yml
http: cors_allowed_origins: - https://public.domain.tld # my public domain use_x_forwarded_for: true trusted_proxies: - 10.0.0.3 # nginx proxy manager internal IP adress
- Setting -> System -> Network settings
I hope it will help to you.
Hello. I use this and the problems with the logs are solved. But apears other problem. I use HAOS with the nginx in addon, and other addons like studio code server, zigbee2mqtt, and other. I iuse your configuration in nginx and with the cors line in confing. I cant see the web inferface of this addons. not apears by the domain, but apears by the local ip of the HAOS.
can i modify some to works?
Same for me. Haven't figured it out yet.
I am not using any proxy, and I do not have any kind of banning set up. The problem is happening me only with the android companion app when connected to my own WIFI.
I am not using any proxy, and I do not have any kind of banning set up. The problem is happening me only with the android companion app when connected to my own WIFI.
Same setup as i have, with Android companion app.
@DAVIZINH0 I found this article which talks specifically about it and includes some nginx config info but I don't know how to implement it:
https://smarthomeaddict.co.uk/2022/10/home-assistant-remote-access-using-nginx/
location /api {
proxy_connect_timeout 60;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_intercept_errors off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host:8126;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass <http://homeassistant.local.hass.io:8123/api>;
}
OKAY here it is! This fixes the login and the add-ons. This is the entirety of the advanced tab in the proxy. I also have the trusted proxies set and the url set in HA.
client_body_buffer_size 512k;
proxy_read_timeout 86400s;
client_max_body_size 0;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header User-Agent $http_user_agent;
I have no idea what it does but it works for me. Thanks vague@#homeassistant(irc).
I am not using any proxy, and I do not have any kind of banning set up. The problem is happening me only with the android companion app when connected to my own WIFI.
Same setup as i have, with Android companion app.
Same no proxy, I do use nabu casa, and it did only start when I started using that, so if you guys are running nabu casa as well maybe it is related to a proxy issue in the core, although we are not using proxy specifically, nabu casa is likely running proxy to work properly in the back end.
Same no proxy, I do use nabu casa, and it did only start when I started using that, so if you guys are running nabu casa as well maybe it is related to a proxy issue in the core, although we are not using proxy specifically, nabu casa is likely running proxy to work properly in the back end.
Yeah, same here, using the nabu casa subscription. It seems to have reduced of late, but it still happens occasionally.
I seem to be having similar problems with just one iPhone all other work ok. I get this error many times "Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (Home Assistant/2024.4 (io.robbie.HomeAssistant; build:2024.612; iOS 17.3.1) Alamofire/5.8.0)"
I then have to re add server to iOS app and log in again.
Any suggestions I have "ip_ban_enabled: false", I don't have "Can only log in from the local network" set and I have checked everything to do with network.
It seems to happen when the iPhone moves away from the local wi-fi and then returns to it.
Thanks
same issue here
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:138
integration: HTTP (documentation, issues)
First occurred: 16:16:25 (1 occurrences)
Last logged: 16:16:25
Login attempt or request with invalid authentication from pi.hole (192.168.180.10). Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 13; SM-G780F Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/123.0.6312.120 Mobile Safari/537.36 Home Assistant/2024.4.1-12576 (Android 13; SM-G780F))
but only for android devices, I installed wireguard vpn on my pi hole So I think this happens when turning on/off wireguard on the phone
Same issue for me, I get the following error:
[homeassistant.components.http.ban] Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/api/websocket'. (Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36)
using Home Assistant Cloud subscription and Home Assistant (2024.5.4) on a Docker on Synology NAS.
configuration.yaml:
http:
ip_ban_enabled: false
login_attempts_threshold: 10
Edit: I use MFA using Telegram
Are these the same issue https://github.com/home-assistant/core/issues/114575#issue-2218294873
The problem
My router's IP (192.168.1.253 here) is sometimes banned. Using the official Android app on my smartphone.
I think it happens when I arrive home and my phone connects to my wifi network, and the server URL in the app is different in the app config if I'm home.
My ip_bans.yaml also gets filled with many duplicates, as I can see on anoter bug report here.
What version of Home Assistant Core has the issue?
core-2023.8.2
What was the last working version of Home Assistant Core?
No response
What type of installation are you running?
Home Assistant OS
Integration causing the issue
http
Link to integration documentation on our website
https://www.home-assistant.io/integrations/http
Diagnostics information
No response
Example YAML snippet
No response
Anything in the logs that might be useful for us?
No response
Additional information
No response