Home assistant Warnings log

Please someone help me. Where does this warning come from? What can I do to stop this warning?

Logger: homeassistant.components.http.security_filter
Source: components/http/security_filter.py:54
Integration: HTTP (documentation, issues)
First occurred: 27 септември 2021 г., 3:39:00 ч. (6 occurrences)
Last logged: 27 септември 2021 г., 21:37:06 ч.

Filtered a request with a potential harmful query string: /wp-json/wc/store/products/collection-data?calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500
Filtered a request with a potential harmful query string: /?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500
Filtered a request with a potential harmful query string: /manager/radius/server_ping.php?ip=127.0.0.1|cat%20/etc/passwd>…/…/poc.txt&id=1
Filtered a request with a potential harmful query string: /lucee/admin/imgProcess.cfm?file=/…/…/…/context/1yh9eqZmxDgvUZcClbmULOpAUSw.cfm
Filtered a request with a potential harmful query string: /remote/fgt_lang?lang=/…/…/…/…//////////dev/cmdb/sslvpn_websession

System Health

version: core-2021.9.7
installation_type: Home Assistant OS
dev: false
hassio: true
docker: true
user: root
virtualenv: false
python_version: 3.9.7
os_name: Linux
os_version: 5.10.62
arch: x86_64
timezone: Europe/Sofia

GitHub API: ok
Github API Calls Remaining: 5000
Installed Version: 1.15.2
Stage: running
Available Repositories: 882
Installed Repositories: 7

logged_in: false
can_reach_cert_server: ok
can_reach_cloud_auth: ok
can_reach_cloud: ok

host_os: Home Assistant OS 6.4
update_channel: stable
supervisor_version: supervisor-2021.09.4
docker_version: 20.10.7
disk_total: 30.8 GB
disk_used: 2.9 GB
healthy: true
supported: true
board: ova
supervisor_api: ok
version_api: ok
installed_addons: File editor (5.3.3), Duck DNS (1.13.0), Terminal & SSH (9.1.3), Samba share (9.5.1), NGINX Home Assistant SSL proxy (3.0.2), Dnsmasq (1.4.4)

dashboards: 1
resources: 2
views: 3
mode: storage

It comes from an external attacker. The only way to prevent these warnings is to use a remote connection method that does not require port forwarding.

The attacks were successfully prevented by Home Assistant.


Thanks for the reply 🙂🍻🍻🍻. I need an alternative method to Nabu Casa. Can you tell me which add-on I need to use to set up HA (tell me only the names), so as not to use port forwarding and to have external and internal access to the system? I don’t understand much about server systems. I use forums and video tutorials on how to set up HA. Thank you in advance for the information.

If you don’t have much experience with networking I would recommend Nabu Casa.


Should I be getting these alerts if I’m already using Nabu Casa? A bit concerned for obvious reasons.

2022-04-08 14:13:04 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /static…/.git/config
2022-04-08 14:13:04 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /js…/.git/config
2022-04-08 14:13:04 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /media…/.git/config

Do you have ports open in your router?

I do not. Closed them up a while back.

Check again.

Definitely do not have any port forwarding set up sir.
And when I did, they were never pointed to my HA…always had Nabu Casa.
I recently set up Tailscale 🤔 to remove the only port forwarding I had (for Wireguard… port fwded to another server, not HA).

Is there a way to see the IP source of the malicious request?

There is. When I had this issue shortly after migrating from DuckDNS to Nabu Casa, I mirrored the switch port connected to Home Assistant to another free port on my network switch. I then connected a laptop to this port and ran Wireshark to capture all the packets sent to and from Home Assistant.

What I discovered was that while I had removed the port forward rules in my router I had forgotten to save the configuration. So the ports were still open. This is why I asked you to check again.

I was hoping there was a way to see the IP that created the initial security alert in the logs. Guess that may not be possible so I’m not sure how to proceed.

I had a very similar log message recently

2023-01-04 13:04:41.322 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /css../.git/config
2023-01-04 13:04:41.343 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /img../.git/config
2023-01-04 13:04:41.358 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /static../.git/config
2023-01-04 13:04:41.390 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /content../.git/config
2023-01-04 13:04:41.406 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /images../.git/config
2023-01-04 13:04:41.422 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /js../.git/config
2023-01-04 13:04:41.437 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /assets../.git/config
2023-01-04 13:04:41.452 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /events../.git/config
2023-01-04 13:04:41.467 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /lib../.git/config
2023-01-04 13:04:41.483 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /media../.git/config

Is it for sure, that this is based on an external connection attempt?
Or could it be that a HACS addon could have caused it?

I don’t have any open port on router and I am using Nabu Casa.


Same warnings here, no ports open and using Nabu Casa

2023-01-05 00:46:41.348 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /css../.git/config
2023-01-05 00:46:41.359 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /images../.git/config
2023-01-05 00:46:41.369 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /js../.git/config
2023-01-05 00:46:41.379 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /static../.git/config
2023-01-05 00:46:41.389 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /img../.git/config
2023-01-05 00:46:41.400 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /assets../.git/config
2023-01-05 00:46:41.410 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /events../.git/config
2023-01-05 00:46:41.422 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /content../.git/config
2023-01-05 00:46:41.443 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /media../.git/config
2023-01-05 00:46:41.454 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /lib../.git/config

Which custom integrations do you use?

The ones I use are:

  • HACS
  • simpleicons
  • Powercalc
  • Spotcast
  • Xiaomi Mi Air Purifier & Xiaomi Mi Air Humidifier
  • Alexa Media Player
  • Thermal Comfort
  • Nest Protect
  • Ecoflow

And a lot of frontend integrations but I’m not sure if these are potentially harmful as well? Does anyone know?

The ones I use that you do are:

  • HACS
  • Powercalc
  • Alexa Media Player

I don’t have HACS
I don’t have any port forwarding on my router
I ONLY use Nabu Casa.

But I got these this morning:

2023-08-24 08:31:44.720 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /js…/.git/config
2023-08-24 08:31:44.727 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /media…/.git/config
2023-08-24 08:31:44.805 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /css…/.git/config
2023-08-24 08:31:44.862 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /static…/.git/config
2023-08-24 08:31:44.994 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /assets…/.git/config
2023-08-24 08:31:44.999 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /img…/.git/config
2023-08-24 08:31:45.038 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /events…/.git/config
2023-08-24 08:31:45.106 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /images…/.git/config
2023-08-24 08:31:45.128 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /content…/.git/config
2023-08-24 08:31:45.163 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /lib…/.git/config

The only mentionable addons/integrations (that may be relevant?) that I have are ewlink home & tuya.

I run HAOS in a VM on Proxmox

I use Cloudflare for external access.
I don’t use port forwarding.

2023-09-05 05:58:38.698 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /assets../.git/config
2023-09-05 05:58:38.735 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /content../.git/config
2023-09-05 05:58:38.743 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /img../.git/config
2023-09-05 05:58:38.804 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /static../.git/config
2023-09-05 05:58:38.815 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /images../.git/config
2023-09-05 05:58:38.826 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /events../.git/config
2023-09-05 05:58:38.835 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /media../.git/config
2023-09-05 05:58:38.846 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /css../.git/config
2023-09-05 05:58:38.867 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /js../.git/config
2023-09-05 05:58:38.879 WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a potential harmful request to: /lib../.git/config

Custom integrations:

  • next_holiday
  • rpi_gpio
  • arpscan_tracker
  • entity_controller
  • frigate
  • nodered
  • dht
  • hacs
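
For triaging warnings like the ones posted in this thread, here is an added example (not from any poster and not Home Assistant's own code) that parses both message variants, undoes the repeated URL-encoding seen in the first post, labels each target, and groups timestamped lines into scan bursts. The function names, category labels, 2-second gap and sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Both warning variants quoted in the thread, with or without the log prefix.
LINE_RE = re.compile(
    r"(?:(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\S* WARNING .*?\] )?Filtered a "
    r"(?:request with a potential harmful query string|potential harmful request to): (?P<target>.+)")

def fully_unquote(value, max_rounds=5):
    """Percent-decode until the text stops changing; return (text, rounds)."""
    for rounds in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value, rounds
        value = decoded
    return value, max_rounds

def classify(target):
    """Label a filtered target by what its decoded form is probing for."""
    text = fully_unquote(target)[0].lower()
    if ".git/" in text:
        return "exposed-git-probe"
    if re.search(r"union\s+(all\s+)?select", text):
        return "sql-injection-probe"
    return "other"

def bursts(lines, gap=timedelta(seconds=2)):
    """Group timestamped warnings into scan bursts: [(start, count, kinds)]."""
    out, last = [], None
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["ts"]:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            if last is None or ts - last > gap:
                out.append([ts, []])
            out[-1][1].append(classify(m["target"]))
            last = ts
    return [(start, len(kinds), sorted(set(kinds))) for start, kinds in out]

# Constructed sample in the format of the warnings posted above (not real traffic).
PFX = " WARNING (MainThread) [homeassistant.components.http.security_filter] Filtered a "
SAMPLE = [
    "2023-01-04 13:04:41.322" + PFX + "potential harmful request to: /css../.git/config",
    "2023-01-04 13:04:41.343" + PFX + "potential harmful request to: /img../.git/config",
    "2023-01-04 13:20:00.000" + PFX + "request with a potential harmful query string: /?q=%252522%252520union%252520all%252520select%2525201",
]

if __name__ == "__main__":
    print(*bursts(SAMPLE), sep="\n")
```

The warning lines shown in the thread carry no source address, so the output summarises what was probed and when, not who sent it.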