2023.5 Webhooks & Local Network

jtenniswood · May 4, 2023, 1:19pm

Regarding web hooks and the ‘local network only’ option.
I’m running HA in Docker, but the local network only option doesn’t work because (I suspect) it considers the docker bridge to be local and everything else ‘outside’.
Is there a way to set what is a local IP range (eg 192.168.0.0/32)?
Thanks

exxamalte · May 5, 2023, 6:52am

Looking at the code, the webhook integration determines if it’s a “local” request, if the request is coming from a loopback, private or link-local address:

loopback
- 127.0.0.0/8
- ::1/128
- ::ffff:127.0.0.0/104
private
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- fd00::/8
- ::ffff:10.0.0.0/104
- ::ffff:172.16.0.0/108
- ::ffff:192.168.0.0/112
link-local
- 169.254.0.0/16
- fe80::/10
- ::ffff:169.254.0.0/112

So, your 192.168.0.0 address should be considered “local”.

WallyR · May 5, 2023, 7:23am

@exxamalte
Can you see if it allows routing between those subnets that are considered local?

exxamalte · May 5, 2023, 9:29am

The only thing that this code snippet does is comparing the IP address of the request with that list of local IP addresses. The webhook itself has nothing to do with routing between subnets.

Is the webhook actually reaching your HA instance? I.e. if you untick the “Only accessible from local network” is the webhook triggering your automation?

WallyR · May 5, 2023, 9:32am

I have not set it up yet, so it was just a proactive question for the future.
I have experienced local_only features that worked by preventing packets to the gateway address, which is the Hy I asked.

dev0 · May 6, 2023, 8:03am

Can we add some more documentation to how local_only works to the webhook trigger documentation? Right now it is absolutely insufficient to determine what it actually does.

jtenniswood · May 11, 2023, 8:33am

Sorry for the delay in responding. I thought the issue could be that I’m running in docker, and that has a bridge ip range of 172.17.0.0/16, but I forgot I am running it in host mode, so would (or should to the best of my knowledge) be within the 192.168 range.

Very odd, would be nice to be able to specify the network range considered local.

jtenniswood · May 11, 2023, 8:34am

Yes it works if the local only option is unselected, which is what I’ve gone back to

exxamalte · May 11, 2023, 10:08pm

That sounds a bit like a mystery then. If the webhook works in principle and the request comes from an IP address in one of those local networks, then the local only option should work.