Connected clients' IP address information

I would like to have all connected clients’ IP addresses for security reasons.
I tried this by changing the log level (debug/info) in the logger config for homeassistant.components.http, homeassistant.components.websocket_api and homeassistant.components.api, but I am not getting the IP address.
I tried making a custom component from the api_streams component, but that has no details of incoming connections.
Appreciate any help to achieve this.

I inquired about this a while back and got nothing.

I’m not really concerned about connections originating from inside my network, so I set up a custom e-mail from my router for every connection to port 8123. Since I try not to use HA as a remote control and let automations take care of things, there aren’t too many log-ins. My phone provider sticks to a pretty fixed set of IPs, so it makes the log really easy to scan. Anything that isn’t me or my wife. After a couple of common port scanners got blocked, it has really narrowed it down.

Not really what you wanted, but that was my workaround as I couldn’t figure out how to do it in HA.


Thanks for the reply. I am seeing many notifications from my firewall (Cujo) about unauthorized access as well as IP/port scanners/spammers from the USA as well as outside the USA. Still not sure how to block traffic from outside the USA. My Actiontec modem/router doesn’t have that feature and the Cujo firewall also didn’t have that. I am playing/learning with pfSense but not there yet.
What I want is for only some selected devices to access HA from outside my home network. My HA runs with Let’s Encrypt and uses DuckDNS with a password, and IP ban is enabled in my HA.
Thanks

This reminds me that I noticed the HA output (when started manually) provides the connections and the IP.

I set up a DEV instance with no components initially (nothing, no logger, recorder, devices, etc.) and when I connected to the frontend it logged the IP of my computer. On a normal setup with lots of stuff running I imagine this would fly by without being seen, but apparently it is logged.

The question is how to get this info into a sensor and if it would report an external IP.

Just thought I’d give this a bump.
No use having a connected_clients number without IP addresses.

Unless this has been solved already of course, which I would have missed in that case…

That will tell you if someone logs in and is successful. There is a default failed login notification to the front end; you can then use this as a trigger to make the notification go elsewhere.

For those who don’t authenticate, you should be able to see this in your router logs. I have set up some custom rules in mine to filter out known IP addresses (my phone, my work) and only report other connections. A lot of white noise as there are a lot of scanners out there, but it gives me some peace of mind.


Thanks, I will try that out. Is this done via digging through the home_assistant.log file or some other better way?
Thanks

This component rocks, especially the inclusion of an attribute indicating the location of the IP. Given the number of folks trying to use command line sensors to screen for bad logins, I’m wondering if the author (@ludeeus?) would consider adding the same functionality for login attempts that are refused.

See this automation. It takes a bad login and sends it as a notification with a URL that provides similar information.

Not as clean and integrated but gets the same data.

Love that new device notification… that went straight into my automations.

The failed login attempts doesn’t work for me. I’m wondering if it’s because notify.home_assistant turned into something else (see below). This service isn’t listed in developer tools, but notify.notify is. Is the intention of the automation to notify all notification services and then dismiss the persistent notification?

2020-02-05 15:08:48 ERROR (MainThread) [homeassistant.components.automation] Error while executing automation automation.notify_on_failed_login. Service not found for call_service at pos 1: Unable to find service notify/home_assistant

This works though to replace the persistent_notification with one that has the URL:

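  # Re-post the failed-login notification with a lookup URL for the source IP.
  alias: notify on failed login
  initial_state: true
  trigger:
    - platform: state
      entity_id: persistent_notification.http_login
  condition:
    # Only act when the notification has a state (not when it is removed).
    - condition: template
      value_template: "{{ trigger.to_state.state != 'None' }}"
  action:
    - service: persistent_notification.create
      data:
        title: "{{ states.persistent_notification.http_login.attributes.message }}"
        # Everything after "from " in the message is used as the IP address.
        message: 'url: https://whatismyipaddress.com/ip/{{ states.persistent_notification.http_login.attributes.message.split("from ")[1] }}'
    # Dismiss the original notification so only the new one remains.
    - service: persistent_notification.dismiss
      data:
        notification_id: 'http_login'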
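
A stricter take on the filtering discussed in this thread (the `split("from ")[1]` in the automation above and the known-address filter applied to router logs), as an added example that is not part of the original posts: it validates the extracted value as an IP address before it is used and reports only sources outside trusted ranges. The message wording, the trusted ranges and the sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: example trusted ranges (home LAN plus a constructed
# "phone provider" block taken from the documentation address space).
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "198.51.100.0/24")]

# Token after "from ", optionally followed by a second token in parentheses,
# e.g. "from 203.0.113.7" or "from host.example (203.0.113.9). ...".
_FROM = re.compile(r"from\s+(\S+)(?:\s+\(([^)\s]+)\))?")

def source_ip(message):
    """Return the validated source address in a login message, or None."""
    match = _FROM.search(message)
    if not match:
        return None
    for token in match.groups():
        if not token:
            continue
        try:
            return ipaddress.ip_address(token.rstrip(".,"))
        except ValueError:
            continue  # hostname or junk: never build a lookup URL from it
    return None

def untrusted_sources(messages):
    """Count failed-login messages per address outside the TRUSTED ranges."""
    counts = Counter()
    for msg in messages:
        ip = source_ip(msg)
        if ip is not None and not any(ip in net for net in TRUSTED):
            counts[str(ip)] += 1
    return counts

# Constructed sample messages (not taken from a real log).
PREFIX = "Login attempt or request with invalid authentication from "
SAMPLE = [
    PREFIX + "203.0.113.7",
    PREFIX + "203.0.113.7",
    PREFIX + "192.168.1.20",      # home LAN, trusted
    PREFIX + "198.51.100.23",     # constructed provider range, trusted
    PREFIX + "scanner.example (203.0.113.9). Requested URL: '/api/'",
    PREFIX + "<unknown>",         # not an address, ignored
]

if __name__ == "__main__":
    for ip, n in untrusted_sources(SAMPLE).most_common():
        print(f"{ip}: {n} failed login(s)")
```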

You need to replace it with your applicable notification service that is available. Mine is called notify.homeassistant because I created a home assistant specific e-mail address for myself so that I can see that the notifications are coming related to home assistant.

https://github.com/SilvrrGIT/HomeAssistant/blob/e4b69506f1e96fe81416aff2f66a70c525075b7b/notification.yaml#L13

That makes sense, thanks.

That (was working for years) seems to be partly broken now after updating to HA 2022.4: now attributes (like hostname, user, new_ip) are completely missing. Don’t know why :frowning:

Why not just use a reverse proxy instead of directly exposing HA to the public web? All reverse proxies have logging options like these.

In case you were referring to my post:

  1. One can fix this on his own by editing just one file as shown in this PR (which will never be merged or released as the whole repo is archived): Rename deprecated device_state_attributes to extra_state_attributes for 2021.12 onwards by GuyKh · Pull Request #77 · custom-components/authenticated · GitHub
  2. I personally don’t expose HA to the public web, and using authenticated is not bound to that usage scenario.