Check the http component documentation. The variable is ip_ban_enabled: false. It should be false by default
1 Like
Same position as you. Everything was working absolutely fine pre 0.92.0. after that my web interface and Google Assistant (self configured, not with Nabu casa) started to work intermittently and today I ran into this issue (403).
Basically it comes down to connectivity.
I find it odd that I do absolutely nothing and it starts working again, my IP is not banned, my public IP is updated in Cloudflare (or Route53).
I only had one IP banned on my list (I know the source and it’s fine), but it kept me from externally accessing my web interface from other IPs (for example connecting via 4G with my phone) and it also broke my Google Assistant (which had nothing to do with the banned public IP which belonged to my network).
I started using Suricata and got a new router recently, at first I blamed it… Turns out it was just mere coincidence, after a couple weeks of issues here and there I tracked it down to being an HA issue only. Not the firewall, not cloudflare, not NGINX, not Google API, etc.
So far disabling the IP ban as you suggested seems to be working. In 2 years of having Homeassistant I haven’t had an unrecognized banned IP so hopefully I’ll fine.
Just had a power loss myself and now have this issue. So weird.
Had to remove the banned entry in the ip_bans.yaml file, my home’s external IP was banned.
2 Likes
Odd because I just had an SD card failure and had to rebuild everything from my GitHub repository… (snapshot didn’t restore everything onto the new card :() Now I’m getting this error, too. Will try to turn off IP banning when I get home.
Hmm, I find it kind of weird for so many people to have the same issue since when I had it the first time. I taught there would be some fix for this by now, or at least some explanation. I have stopped upgrading since ver 0.90 because of these problems. I’m afraid that if I upgrade the issues will be worse and I dont have the time to fiddle unfortunately. I’ll buy a new SD next time I upgrade just in case 
Hi, Just had a same situation (a Year latter)
Thanks for tips with baned IP, my external IP existed in ip_bans.yaml,
After I removed it, all works back again
3 Likes
Same with me after adding the ssl encryption I got 403 error, it was fixed by removing the IP ban, thank you for this thread and the help.
1 Like
this should be adressed… feels bad that many other like me need to turn of the ip ban feature that is there for a reason… All the more when home automation constantly controls more and more security at home… Like me for example my ha controls my doorlock among other stuff…
Well for me it was solved by just removing the banned IP from the list. I still have IP_ban_enabled=true now.
I couldn’t do that when I started this thread because I didn’t have my IP banned in the file to begin with… Maybe I’ll make another try now and enable it, haven’t had the time.
Thanks for this, for me it was the ip ban config that resulted in the 403 errors
Glad I found this thread! Had the same 403 error and am certain I’d not changed anything, looked at the logs which complained about duplicate IPs in /config/ip_bans.yaml . Turns out the duplicate was my own external IP, so basically HA banned itself and I wonder how it did that. Commenting out my IP and restarting got me back to normal operation.
Wow so after wasting 3 days trying to fix HA I finally find this thread and realize this is an ongoing issue since 2019 and as of 2022 the only solution is to completely remove IP-ban protections on a PUBLIC control panel for my entire house with my camera feeds and buttons to unlock the front door? Seems like a recipe for a disaster to get hacked. I already had many failed login attempts and I’m supposed to remove all protections now?
I even made sure to set “max failed login attempts” at 10 but HA is banning myself even if I didn’t have any failed login attempts.
lol… I guess I won’t be enabling ipban yet then… 
I bet there are a few Auth-options in the GUI nowadays?
I ended up disabling IP-bans and enabling 2FA
disabling ip ban did not solve the 403 issue for me. Maybe it is my reverse proxy setting when coming from external ips? internally it is working fine.
I have the same problem at the moment using NGNIX and DuckDNS
The symptoms described in the posts above look very familiar to what I am experiencing.
Out of the blue I am not able to access my Home Assistant instance using the Android Companion app. I get the 403 Forbidden error. Using the local IP when I am on my home wifi works fine. Accessing from outside of my network (tested using 4G connection on my cell phone) using my duckdns url works fine as well, but using the duckdns url when connected to my home wifi is given me these errors. Setting ip_ban to false seems to work but I do want this functionality for security reasons. Last but not least, the 403 error was not caused by my IP being banned as it did not show up in the banned IP list.
Can someone help in really understanding what is causing this and how to fix this? The WAF is on the decline here ):
Thanks.
EdwinH Were you able to understand the cause? I am experiencing the exact same issue with the exception that the Docker IP, my local network IP and an IPv6 address was added to the ip_bans file. Thanks