I’ve been using HA (raspi4) and the mobile app for many years.
I have a public access and recently I’ve installed a caddy reverse proxy with coraza WAF and Crowdsec
Since I have it when I access using the Android App, two scenarios are triggered and my IP is blocked.
This only happend with Android App (I have a Pixel 7), I can access via web using the same mobile or using the IOS App without any problem.
These are the triggered scenarios, all related with force brute prevention
LePresidente/http-generic-403-bf
"Alert when a single IP that try to bruteforce http basic auth.
Leakspeed of 10s, capacity of 5."
barnoux/crs-anomaly-score
" * Inbound anomaly score detection"
I’m using the latest Android app version.
I’ve disabled the backgroud sync with the same results.
I can use the android app, what I say is that the way it works generate more than a request per second in my server so when I enable coraza or crowdsec they detect it as a force brute attack.
It not happens if I use Chrome (in the same mobile) or the IOS app, in both cases the server does not receive as many requests per second and using these other access methods does not trigger security scenarios.
I connect always to the same server and it shows the same panel.