Cloudflare - 400 Bad Request error

elstupid · January 12, 2023, 7:33pm

I also had problems with the integration. From just working it went to just not working.
After some time of struggling I decided to reinstall the integration, also in CF delete any settings an redo according to the manual. And it magically worked again.

cfilo88 · January 31, 2023, 9:29pm

Did you solve your problem? @redstormsju

Chiripasca · February 11, 2023, 12:28pm

Muchas gracias, funciono para mi.

fr3f4ll · February 27, 2023, 5:27pm

Just wanted to say thanks for this!

In my scenario I had both a IPv4 and IPv6 address in my logs… I added both to the trusted proxies section of my configuration.yml and restarted. I was good to go after that!

sygad1 · March 4, 2023, 10:04pm

Brilliant find, that 1 line “use_x_forwarded_for: true”, was the one that got it working for me.

DisgruntledTech · March 16, 2023, 8:54pm

I’m haveing the same issue which yaml file am I accessing because my yaml file for cloud flare looks nothing like your guys

DisgruntledTech · March 16, 2023, 9:12pm

I don’t see anything in my logs

MasterCATZ · December 6, 2023, 9:05am

tried that

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.2.16      # Add the IP address of the proxy server
#    - 172.30.33.0/24  # You may also provide the subnet mask

and face

Logger: homeassistant.components.websocket_api.http.connection
Source: components/websocket_api/commands.py:230
Integration: Home Assistant WebSocket API (documentation, issues)
First occurred: 7:02:17 PM (1 occurrences)
Last logged: 7:02:17 PM

[140383316075968] Cannot quick reload all YAML configurations because the configuration is not valid: Integration error: trusted_proxies - Integration 'trusted_proxies' not found. Integration error: use_x_forwarded_for - Integration 'use_x_forwarded_for' not found.
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/websocket_api/commands.py", line 230, in handle_call_service
    await hass.services.async_call(
  File "/usr/src/homeassistant/homeassistant/core.py", line 2035, in async_call
    response_data = await coro
                    ^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/core.py", line 2072, in _execute_service
    return await target(service_call)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 986, in admin_handler
    await result
  File "/usr/src/homeassistant/homeassistant/components/homeassistant/__init__.py", line 342, in async_handle_reload_all
    raise HomeAssistantError(
homeassistant.exceptions.HomeAssistantError: Cannot quick reload all YAML configurations because the configuration is not valid: Integration error: trusted_proxies - Integration 'trusted_proxies' not found.
Integration error: use_x_forwarded_for - Integration 'use_x_forwarded_for' not found.

Naty_Essuied · February 23, 2024, 12:30am

Thank you very much to everyone, with the help of this discussion I came to a solution, although I do not know if my solution is legal in terms of information security.

http:
  use_x_forwarded_for: true
  trusted_proxies:
      - 127.0.0.1

skrilla · March 2, 2024, 5:30pm

CF Tunnel was working perfectly for a long time, but suddenly ran into an issue where it simply broke after years of it working properly. In the CF Tunnel logs I was getting Error 400, and in HA logs saw this:

Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:125
Integration: HTTP (documentation, issues)
First occurred: March 1, 2024 at 3:41:29 PM (1182 occurrences)
Last logged: 9:21:34 AM

Received X-Forwarded-For header from an untrusted proxy 192.168.1.1

I included 192.168.1.1/32 as a trusted proxy, and still getting an the login error unable to connect to home assistant.

When I use a different browser - Firefox and Edge, I am able to get the login prompt, but after entering 2FA, it fails. The CF Tunnel logs shows the 400 bad request and get a failed login attempt logged in HA.

gtmax500 · March 7, 2024, 2:34am

Just letting you know, I had the same issues you were having (exactly the same with the error and different browser and CL tunnels). After trying all sorts of IP addresses including 0.0.0.0/0 under the trusted proxy, I finally got it to work by actually restarting home assistant, not just reloading the YAML file. I got it to work with just 192.168.1.1 and ::1 under the trusted_proxies and a full restart of HA (probably dont need ::1 but I left it anyways). I know it said to restart HA in the docs but for some reason I though just reloading the yaml files would be enough…clearly not. All working now.

trallan · April 27, 2024, 5:53pm

Was trying to access via my tunnel today and I get 400, bad request. Not sure why, other stuff in my tunnel works fine, only HA gives 400. This is the configuration.yaml setting that has worked before:

# Allows proxy traffic from cloudflared tunnel
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.31.0.2

Edit:

Checked my HA logs and a new IP was shown to be blocked. Added it to my configuration yaml and now it works.

defcongo · June 6, 2024, 8:41pm

thanks. full restart worked for me too.

KLU · July 13, 2024, 7:58am

I’m glad that I found this topic

I moved from Cloudflared HA addon to a Cloudflared container in Docker/Portainer. After everything was set up, I got Bad Request: 400 error.

Adding Docker’s IP address in the configuration.yaml fixed the issue. So from:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24

to

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24
    - 192.168.1.101/32

Hopefully it will save somebody’s ass Cheers!

jlogan2231 · July 13, 2024, 9:06pm

@KLU Any chance this coincided with Cloudflare 5.1.15 update as well? I have pretty much done the same as you, but once I update to the latest Cloudflare Add on in HA, I then get the Bad Request, roll it back to 5.1.3, and the issue goes away. For us simpletons, what’s the purpose of the “/32” at the end and how did you know it was 32?

EDIT: I did your proposal, updated to 5.1.15 and it works. However if I refresh my window, I get the Home Assistant symbol and this message

" Unable to connect to Home Assistant.

Retrying in 56 seconds…

RETRY NOW"

If I click “Retry now”, it works, if I refresh the page again, I get the same issues. Never had this before, any ideas why this is suddenly starting to happen?

jortiz · September 2, 2024, 6:37am

Hello, I pasted the command but it still gives me the same 400 error, this is how my configuration file is

Loads default set of integrations. Do not remove.

default_config:

Load frontend themes from the themes folder

frontend:
themes: !include_dir_merge_named themes

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24 (what IP do I put here and how do I get it)
- 192.168.1.101/32 (what IP do I put here and how do I get it)
I thanked you very much

piotr1 · September 5, 2024, 1:29pm

http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24
- 173.245.48.0/20
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 141.101.64.0/18
- 108.162.192.0/18
- 190.93.240.0/20
- 188.114.96.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 162.158.0.0/15
- 104.16.0.0/13
- 104.24.0.0/14
- 172.64.0.0/13
- 131.0.72.0/22

aezzz · October 8, 2024, 12:12pm

Hi guys after weeks of f***ing around. In your Nginx proxy server add the following to clear the X-Forwarded-For information passed on by Cloudflare:
proxy_set_header X-Forwarded-For “”;

tylertylerday · October 21, 2024, 7:59pm

Did you end up figuring this out? I’m also getting the “unable to connect” issue but when I hit retry it takes me to a cloudflare bbad gateway page.

MateHolda · October 30, 2024, 2:21pm

You should restart Cloudflared add-on and then search in the Cloudflared log for the following line:
INF ICMP proxy will use 172.30.33.2 as source for IPv4