Shouldn’t this just work out of the box?
Why exactly is 0.0.0.0/0 dangerous? I know 0.0.0.0 is just a wildcard for any possible address. I’m wondering that the dangers are
Isn’t it self evident that allowing connection from anyone is dangerous?
Thanks, this helped me.
However it is a half backed solution.
What is interesting is that clicking on “open the web view” correctly opens the page.
Checking the logs I see that using the tool bar to open configurator, it tries to do it on a different IP than HA’s.
H, I’m new to this and having the same issue but it’s not yet fixed.
Here’s a screen shot of my Config and Log.
Any pointers would be much appreciated.
1 Like
I’ve now fixed this. Just a case of adding 10.0.0.0/8 to the allowed networks.
1 Like
I had this same issue and found it to be related to SSL encryption I set up (through Hass.io). The problem occurred everytime I accessed the configurator non-locally by accident.
Add or uncomment the line below in the configuration.yaml file (usually lines 25-27):
Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
base_url: bertlmann.duckdns.org:8123
I didn’t change or add any of the network numbers for allowed networks (eg. 10.0.0.0/8) as suggested in this link.
1 Like
Noob here trying to figure out this precise problem. Duckdns appears to be working, but I’m getting a policy not fulfilled error when trying to get configurator back up and running. At this point, I cannot get the web interface or the iframe within hassio to work. Any help would be appreciated. Log as follows:
INFO:2018-12-20 07:03:50,676:main:Starting server
WARNING:2018-12-20 07:03:50,677:main:Password PASSWORD is too short
WARNING:2018-12-20 07:03:50,678:main:Password PASSWORD does not contain digits
INFO:2018-12-20 07:03:50,684:main:{‘title’: ‘HASS Configurator - Password warning’, ‘message’: ‘Your PASSWORD seems insecure (3). Refer to the HASS configurator logs for further information.’, ‘notification_id’: ‘HC_PASSWORD’}
INFO:2018-12-20 07:03:50,937:main:Listening on: https://0.0.0.0:3218
INFO:2018-12-20 07:03:54,748:main:Requesting authorization
INFO:2018-12-20 07:03:54,750:main:47.39.44.135 - “GET / HTTP/1.1” 401 -
INFO:2018-12-20 07:04:03,885:main:Requesting authorization
INFO:2018-12-20 07:04:03,886:main:47.39.44.135 - “GET / HTTP/1.1” 401 -
WARNING:2018-12-20 07:04:22,286:main:Client IP not within allowed networks.
INFO:2018-12-20 07:04:22,287:main:47.39.44.135 - “GET / HTTP/1.1” 420 -
WARNING:2018-12-20 07:04:22,766:main:Client IP banned.
INFO:2018-12-20 07:04:22,767:main:47.39.44.135 - “GET /favicon.ico HTTP/1.1” 420 -
WARNING:2018-12-20 07:06:07,887:main:Client IP banned.
INFO:2018-12-20 07:06:07,888:main:47.39.44.135 - “GET / HTTP/1.1” 420 -
WARNING:2018-12-20 07:06:08,530:main:Client IP banned.
INFO:2018-12-20 07:06:08,531:main:47.39.44.135 - “GET /favicon.ico HTTP/1.1” 420 -
That’s the error. When connecting from outside, your client IP is different. If it’s not within your list of allowed networks, then the IP gets banned. So you can either whitelist every IP address in the world (allowing brute force attacks on your password), or consider using the SESAME feature mentioned in the documentation to whitelist your client IP on demand.