Cloudflare - 400 Bad Request error

Same for me with the Cloudflare proxies added in HA config still bad request 400. Did anyone solve this?

EDIT: solution for me was adding the ip-address to the proxies in HA from mine local Proxmox container where I installed the Cloudflare tunnel. You can find the address of the bad request in your HA log.

9 Likes

Thank you for sharing your solution. It worked for me as well. I am using a cloudflared container with Unraid. I looked into the log of the home assistant container and added the IP of the bad request. After restarting HA I was able to access it through the Cloudflare tunnel.

1 Like

Hello…I came across this post and your answer because I just set up cloudflare tunnel and my Home Assistance is the only docker container I cant set up. I get a 400 Bad Request error when i set the tunnel as http. when i set it up as https i get 502 Bad Gateway error.

I read your solution but I am not sure how to implement it…I am new to self hosting so I am still learning what everything means and where to do. Would you mind directing me how and where to go and fix my problem? Thank you!

Go to your HA logs there you can find the error and the ip address. Next edit your configuration.yaml and add that ip address to the http: section under trusted_proxies

3 Likes

Hi @Mediacj I got the IP address and made the changes to my configuration.yaml:
Screen Shot 2022-07-09 at 3.33.57 PM

But I’m getting this error message when I try to restart HA:
Screen Shot 2022-07-09 at 3.31.48 PM

I’m sure I must have entered the code wrong but I have no idea what exactly I did wrong. This is the first time I actually edit a yaml file.

Any help would be appreciated! :slight_smile:

1 Like

I fixed it by entering this code instead:

http:
use_x_forwarded_for: true
trusted_proxies:
- 10.1.10.2

Screen Shot 2022-07-09 at 3.42.20 PM

Found it in this thread: https://community.home-assistant.io/t/reverse-proxy-error/312936/42

6 Likes

So as mentioned above I can access the HA web UI now. However, I can not connect with the iOS app (via cloudflare tunnel web adddress):

Any idea why it won’t let me use http://ha.MyDomain.com/ to log in via the app?

@VeniceNerd did you find a solution?

I also had problems with the integration. From just working it went to just not working.
After some time of struggling I decided to reinstall the integration, also in CF delete any settings an redo according to the manual. And it magically worked again.

Did you solve your problem? @redstormsju

Muchas gracias, funciono para mi. :ok_hand:

1 Like

Just wanted to say thanks for this!

In my scenario I had both a IPv4 and IPv6 address in my logs… I added both to the trusted proxies section of my configuration.yml and restarted. I was good to go after that!

1 Like

Brilliant find, that 1 line “use_x_forwarded_for: true”, was the one that got it working for me.

I’m haveing the same issue which yaml file am I accessing because my yaml file for cloud flare looks nothing like your guys

I don’t see anything in my logs

tried that

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.2.16      # Add the IP address of the proxy server
#    - 172.30.33.0/24  # You may also provide the subnet mask

and face

Logger: homeassistant.components.websocket_api.http.connection
Source: components/websocket_api/commands.py:230
Integration: Home Assistant WebSocket API (documentation, issues)
First occurred: 7:02:17 PM (1 occurrences)
Last logged: 7:02:17 PM

[140383316075968] Cannot quick reload all YAML configurations because the configuration is not valid: Integration error: trusted_proxies - Integration 'trusted_proxies' not found. Integration error: use_x_forwarded_for - Integration 'use_x_forwarded_for' not found.
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/websocket_api/commands.py", line 230, in handle_call_service
    await hass.services.async_call(
  File "/usr/src/homeassistant/homeassistant/core.py", line 2035, in async_call
    response_data = await coro
                    ^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/core.py", line 2072, in _execute_service
    return await target(service_call)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 986, in admin_handler
    await result
  File "/usr/src/homeassistant/homeassistant/components/homeassistant/__init__.py", line 342, in async_handle_reload_all
    raise HomeAssistantError(
homeassistant.exceptions.HomeAssistantError: Cannot quick reload all YAML configurations because the configuration is not valid: Integration error: trusted_proxies - Integration 'trusted_proxies' not found.
Integration error: use_x_forwarded_for - Integration 'use_x_forwarded_for' not found.

Thank you very much to everyone, with the help of this discussion I came to a solution, although I do not know if my solution is legal in terms of information security.

http:
  use_x_forwarded_for: true
  trusted_proxies:
      - 127.0.0.1

CF Tunnel was working perfectly for a long time, but suddenly ran into an issue where it simply broke after years of it working properly. In the CF Tunnel logs I was getting Error 400, and in HA logs saw this:

Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:125
Integration: HTTP (documentation, issues)
First occurred: March 1, 2024 at 3:41:29 PM (1182 occurrences)
Last logged: 9:21:34 AM

Received X-Forwarded-For header from an untrusted proxy 192.168.1.1

I included 192.168.1.1/32 as a trusted proxy, and still getting an the login error unable to connect to home assistant.

When I use a different browser - Firefox and Edge, I am able to get the login prompt, but after entering 2FA, it fails. The CF Tunnel logs shows the 400 bad request and get a failed login attempt logged in HA.

Just letting you know, I had the same issues you were having (exactly the same with the error and different browser and CL tunnels). After trying all sorts of IP addresses including 0.0.0.0/0 under the trusted proxy, I finally got it to work by actually restarting home assistant, not just reloading the YAML file. I got it to work with just 192.168.1.1 and ::1 under the trusted_proxies and a full restart of HA (probably dont need ::1 but I left it anyways). I know it said to restart HA in the docs but for some reason I though just reloading the yaml files would be enough…clearly not. All working now.

Was trying to access via my tunnel today and I get 400, bad request. Not sure why, other stuff in my tunnel works fine, only HA gives 400. This is the configuration.yaml setting that has worked before:

# Allows proxy traffic from cloudflared tunnel
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.31.0.2

Edit:

Checked my HA logs and a new IP was shown to be blocked. Added it to my configuration yaml and now it works. :slight_smile:

1 Like