Intruder alert!

Hi,

I had the same problem. Getting the external IP address on the backend you have to modify both the reverse proxy and the webserver at the backend. The solution depends on what webserver you are running. I enabled authentication on the reverse proxy of my Synology. When I try to access HA from outside my home I have to login, when I access it from my lan I don’t. It should be possible to enable logging on synology for login attempts and do something with it (fe. fail2ban)

Sorry, I dont have any experience with reverse proxies.

This is working for me on 0.51.1 nice thanks

@carlostico can you be more specific on what doesn’t work?

1 Like

entity_id: persistent_notification.httplogin
Bob where can I find this entity? It is not in my list. Although you mentioned just the pushbullet entry as additional set up

It’s only there when the persistant norification is shown in your frontend. You can create it by entering a wrong password.

1 Like

Bedankt het werkt inderdaad smooth :wink:

Graag gedaan landgenoot :slight_smile:

btw pushbullet works nice! It right away takes you to the website. So this is a handy add on!

I took this a step further and forwarded all persistent notifications to Telegram by triggering on the persistent_notification.create service call event:

automation:
  - alias: forward_persistent_notifications
    initial_state: 'on'
    trigger:
      - platform: event
        event_type: call_service
        event_data:
          domain: persistent_notification
          service: create
    action:
      - service: notify.telegram
        data_template:
          message: >-
            {% set message = trigger.event.data.service_data.message %}
            {% if 'invalid authentication' in message or 'login attempts' in message %}
              {{ message }}: http://www.ip-tracker.org/locator/ip-lookup.php?ip={{ message.split('from ')[1] }}
            {% else %}
              {{ message }}
            {% endif %}
6 Likes

@dale3h very nice, thanks !

You might want to change “attempts” to attempt":

 {% if 'invalid authentication' in message or 'login attempts' in message %}

Thank you for the tip! I have updated it to:

{% if 'login attempt' in message|lower %}

Just what I was looking for Thanks @dale3h !

It works great … thanks.

Just got a little problem, trying to log out of the internal network I get a message that there is an attempt to login only that the address shown is 127.0.0.1 - I have https installed on the Pai. What should I do to show the correct address?

just for educational purposes, why did you change that?
cheers,
Marius

Hi all,

I’ve just setup this great implementation (Thank you!) but there’s something I don’t understand.

Besides the expected persistent notification I receive constantly a message on Telegram

We have discovered new devices on your network. Check it out

But there’s no trace of this message on my frontend. Anyone has the same issue?

Thank you

I got it to work. Did someone using NGINX and know how to implement this with Real IP and not the localhost ip,
Because its show my ip 127.0.0.0 anytime

Have a look at the http component configuration HTTP.

Basically you need to define the proper header forwarding (X-Forwarded-For) in your nginx configuration. Something like this:

location / {
        proxy_pass http://192.168.1.1:8123;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_redirect http:// https://;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Host $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
}

and enable it in Home Assistant

1 Like

noticed that persistent_notification.httplogin has become persistent_notification.http_login on my configuration which breaks the automation many are using, so anyone using this be sure to validate that it still works after the 0.86 update.

I’d does I have 0.86.2