IP ban when using Android app

webbson · July 12, 2020, 8:27pm

Hey. I have a problem where sometimes my Android app causes invalid credentials trying to login and then the IP is banned, this mostly happens while jumping between applications on my Oneplus 7T.

I’m running latest Home Assistant (0.112.4 at the moment) on HassOS 4.10 and the Android app is using 1.11.0-215.

I’ve put the threshold to 5 attempts and added my internal ip to trusted networks but it get banned anyway.

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 10.13.37.0/24

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.13.37.9
  ip_ban_enabled: true
  login_attempts_threshold: 5

Below are the logs where my internal IP of my phone gets banned despite being in the trusted_networks settings. And I get similar looking logs when using LTE and using the app.

2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Banned IP 10.13.37.231 for too many login attempts

What might be wrong? When using externally I use it through CloudFlare -> NGINX Proxy Manager -> Home Assistant. But internally it is direct connection from app to Home Assistant server.

tom_l · July 12, 2020, 8:51pm

It’s not exclusive to Android. The iOS app does it as well. Particularly when the app was running on wifi, backgrounded then used on cellular networks. Not always though. Really annoying that it requires a restart to clear the ban.

github.com/home-assistant/core

When ip_ban_enabled is true - will ban device IP that is setup as a trusted network and allowed to bypass login.

opened 12:32PM - 23 Jun 20 UTC

closed 04:20PM - 28 Jul 22 UTC

MarkHofmann11

integration: http

Have an Android tablet running Wallpanel - IP is set as a trusted network under auth_providers and has a user that is setup to bypass_login=true. When ip_ban_enabled= true in http: section, it will ban the IP. IP banned is 192.168.0.77 in this example. ## Environment  - Home Assistant Core release with the issue: 111.2 - Last working Home Assistant Core release (if known): N/A - Operating environment (OS/Container/Supervised/Core): Windows - Integration causing this issue: N/A - Link to integration documentation on our website: ## Problem-relevant `configuration.yaml`  ```yaml homeassistant: packages: !include_dir_named packages auth_providers: - type: homeassistant - type: legacy_api_password api_password: !secret http_password - type: trusted_networks trusted_networks: - 192.168.0.76/32 - 192.168.0.3/32 - 192.168.0.77/32 trusted_users: 192.168.0.77: 16524566edc74125a7b0f4b47f24b4b2 allow_bypass_login: true http: # base_url: http://homeassistant.my-homedomain.org:8123 server_port: 8123 use_x_forwarded_for: true trusted_proxies: - 192.168.0.14 - 192.168.0.77 - 127.0.0.1 ip_ban_enabled: true login_attempts_threshold: 5 ``` ## Traceback/Error logs  ```txt ``` ## Additional information

RFC: Add service to remove an IP from the ban list by bachya · Pull Request #18770 · home-assistant/core · GitHub

webbson · July 13, 2020, 8:11pm

Ah. At least it’s not only me. And it seems like I’m a lousy searcher as well.

But surely there must be some kind of fix for this. I thought at least putting the IP on the trusted networks worked some way like a whitelist for it not to be banned, but apparently not.

bigscience · July 15, 2020, 10:03pm

I get this too on the iPhone and not even when I’m using the app at the time. Seems like it’s a newer issue for either HA or the app after I updated them. At least it’s not my wife’s phone or there’d be hell to pay. I’ve tried to delete old refresh tokens, made a long term one (not sure what that even does or if I did it right) but it’s pretty random. I have to VPN to a new get a new IP, delete the ban and then restart. It’s really embarrassing when are trying to show someone this awesome setup you have and then end up looking like a dumbass who forgot their password.

Friedrieck · July 28, 2020, 8:34am

Same here, it happens with the official Android app or with WallPanel. Really painful.

NirL · April 3, 2022, 1:37pm

Was anyone able to resolve this ?
This has been happening on my wife’s (android) phone repeatedly resulting in IP bans last one banned my router at home blocking all access

eriol · November 28, 2023, 8:55am

I have the same problem.
When I am out of home, sometimes I get banned. I think it happens when I have low mobile coverage.
At least, it would be nice if IP Bans could be reloaded without restarting HA.