How to track down supervisor/add-on IPs?

igorsantos07 · September 3, 2024, 8:22pm

As many, many results on Google, I’m having a mysterious “Login attempt or request with invalid authentication from supervisor”. In my case, that’s against /api/core/state, but those many results mix up the supposed senders and failed endpoints, and obviously, no conclusive results.

I want a different approach: is it possible to list the IPs used by my add-ons, so maybe I can underestand who’s sending this bad request? Or is it literally the supervisor? If so, any idea how to track this down?

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:135
integration: HTTP (documentation, issues)
First occurred: 02:00:56 (2 occurrences)
Last logged: 02:00:56

Login attempt or request with invalid authentication from
 supervisor (172.30.32.2). Requested URL: '/api/core/state'.
 (HomeAssistantSupervisor/2024.08.0 aiohttp/3.9.5 Python/3.12)

Sir_Goodenough · September 3, 2024, 8:30pm

Hi Igor Santos,

172.30.x.x, 10.x.x.x, and 192.168.x.x are all designated as local only, so none of those should be a problem.

igorsantos07 · September 3, 2024, 8:55pm

I don’t think it’s a real attack or any place I left a wrong password, but nonetheless it’s boring to say the least, given these errors pop on my notifications every now and then. Sorry for not mentioning they’re somewhat frequent in the OP.