Cloudflare - 400 Bad Request error

Mediacj · November 25, 2021, 1:58pm

Same for me with the Cloudflare proxies added in HA config still bad request 400. Did anyone solve this?

EDIT: solution for me was adding the ip-address to the proxies in HA from mine local Proxmox container where I installed the Cloudflare tunnel. You can find the address of the bad request in your HA log.

lucahammer · April 17, 2022, 5:53pm

Thank you for sharing your solution. It worked for me as well. I am using a cloudflared container with Unraid. I looked into the log of the home assistant container and added the IP of the bad request. After restarting HA I was able to access it through the Cloudflare tunnel.

redstormsju · May 21, 2022, 12:54pm

Hello…I came across this post and your answer because I just set up cloudflare tunnel and my Home Assistance is the only docker container I cant set up. I get a 400 Bad Request error when i set the tunnel as http. when i set it up as https i get 502 Bad Gateway error.

I read your solution but I am not sure how to implement it…I am new to self hosting so I am still learning what everything means and where to do. Would you mind directing me how and where to go and fix my problem? Thank you!

Mediacj · May 21, 2022, 3:16pm

Go to your HA logs there you can find the error and the ip address. Next edit your configuration.yaml and add that ip address to the http: section under trusted_proxies

VeniceNerd · July 9, 2022, 1:36pm

Hi @Mediacj I got the IP address and made the changes to my configuration.yaml:
Screen Shot 2022-07-09 at 3.33.57 PM

But I’m getting this error message when I try to restart HA:
Screen Shot 2022-07-09 at 3.31.48 PM

I’m sure I must have entered the code wrong but I have no idea what exactly I did wrong. This is the first time I actually edit a yaml file.

Any help would be appreciated!

VeniceNerd · July 9, 2022, 1:43pm

I fixed it by entering this code instead:

http:
use_x_forwarded_for: true
trusted_proxies:
- 10.1.10.2

Screen Shot 2022-07-09 at 3.42.20 PM

Found it in this thread: https://community.home-assistant.io/t/reverse-proxy-error/312936/42

VeniceNerd · July 9, 2022, 2:06pm

So as mentioned above I can access the HA web UI now. However, I can not connect with the iOS app (via cloudflare tunnel web adddress):

Any idea why it won’t let me use http://ha.MyDomain.com/ to log in via the app?

Radu · November 19, 2022, 10:35pm

@VeniceNerd did you find a solution?

elstupid · January 12, 2023, 7:33pm

I also had problems with the integration. From just working it went to just not working.
After some time of struggling I decided to reinstall the integration, also in CF delete any settings an redo according to the manual. And it magically worked again.

cfilo88 · January 31, 2023, 9:29pm

Did you solve your problem? @redstormsju

Chiripasca · February 11, 2023, 12:28pm

Muchas gracias, funciono para mi.

fr3f4ll · February 27, 2023, 5:27pm

Just wanted to say thanks for this!

In my scenario I had both a IPv4 and IPv6 address in my logs… I added both to the trusted proxies section of my configuration.yml and restarted. I was good to go after that!

sygad1 · March 4, 2023, 10:04pm

Brilliant find, that 1 line “use_x_forwarded_for: true”, was the one that got it working for me.

DisgruntledTech · March 16, 2023, 8:54pm

I’m haveing the same issue which yaml file am I accessing because my yaml file for cloud flare looks nothing like your guys

DisgruntledTech · March 16, 2023, 9:12pm

I don’t see anything in my logs

MasterCATZ · December 6, 2023, 9:05am

tried that

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.2.16      # Add the IP address of the proxy server
#    - 172.30.33.0/24  # You may also provide the subnet mask

and face

Logger: homeassistant.components.websocket_api.http.connection
Source: components/websocket_api/commands.py:230
Integration: Home Assistant WebSocket API (documentation, issues)
First occurred: 7:02:17 PM (1 occurrences)
Last logged: 7:02:17 PM

[140383316075968] Cannot quick reload all YAML configurations because the configuration is not valid: Integration error: trusted_proxies - Integration 'trusted_proxies' not found. Integration error: use_x_forwarded_for - Integration 'use_x_forwarded_for' not found.
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/websocket_api/commands.py", line 230, in handle_call_service
    await hass.services.async_call(
  File "/usr/src/homeassistant/homeassistant/core.py", line 2035, in async_call
    response_data = await coro
                    ^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/core.py", line 2072, in _execute_service
    return await target(service_call)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 986, in admin_handler
    await result
  File "/usr/src/homeassistant/homeassistant/components/homeassistant/__init__.py", line 342, in async_handle_reload_all
    raise HomeAssistantError(
homeassistant.exceptions.HomeAssistantError: Cannot quick reload all YAML configurations because the configuration is not valid: Integration error: trusted_proxies - Integration 'trusted_proxies' not found.
Integration error: use_x_forwarded_for - Integration 'use_x_forwarded_for' not found.

Naty_Essuied · February 23, 2024, 12:30am

Thank you very much to everyone, with the help of this discussion I came to a solution, although I do not know if my solution is legal in terms of information security.

http:
  use_x_forwarded_for: true
  trusted_proxies:
      - 127.0.0.1

skrilla · March 2, 2024, 5:30pm

CF Tunnel was working perfectly for a long time, but suddenly ran into an issue where it simply broke after years of it working properly. In the CF Tunnel logs I was getting Error 400, and in HA logs saw this:

Logger: homeassistant.components.http.forwarded
Source: components/http/forwarded.py:125
Integration: HTTP (documentation, issues)
First occurred: March 1, 2024 at 3:41:29 PM (1182 occurrences)
Last logged: 9:21:34 AM

Received X-Forwarded-For header from an untrusted proxy 192.168.1.1

I included 192.168.1.1/32 as a trusted proxy, and still getting an the login error unable to connect to home assistant.

When I use a different browser - Firefox and Edge, I am able to get the login prompt, but after entering 2FA, it fails. The CF Tunnel logs shows the 400 bad request and get a failed login attempt logged in HA.

gtmax500 · March 7, 2024, 2:34am

Just letting you know, I had the same issues you were having (exactly the same with the error and different browser and CL tunnels). After trying all sorts of IP addresses including 0.0.0.0/0 under the trusted proxy, I finally got it to work by actually restarting home assistant, not just reloading the YAML file. I got it to work with just 192.168.1.1 and ::1 under the trusted_proxies and a full restart of HA (probably dont need ::1 but I left it anyways). I know it said to restart HA in the docs but for some reason I though just reloading the yaml files would be enough…clearly not. All working now.

trallan · April 27, 2024, 5:53pm

Was trying to access via my tunnel today and I get 400, bad request. Not sure why, other stuff in my tunnel works fine, only HA gives 400. This is the configuration.yaml setting that has worked before:

# Allows proxy traffic from cloudflared tunnel
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.31.0.2

Edit:

Checked my HA logs and a new IP was shown to be blocked. Added it to my configuration yaml and now it works.