I’d like to enable IP bans but The IP address of the incoming request is not being forwarded. support.nabucasa.com states “* We are currently exploring a solution for this issue.” Has any progress been made?
IP bans is limited within HA’s capability (explained here). There are a couple developers that have developed custom components to allow whitelisting. Here’s one of them. To enable it, you add it to your configuration.yaml as such -
http:
ip_ban_enabled: true
login_attempts_threshold: 5
Obviously, you can set your desired threshold. The link to the allowlist explains what you’d need to add to your configuration.yaml to use it.
edit While using IP bans is a good hardening practice, so is using CrowdSec.
I must not have explained myself well enough. Yes, I have IP Bans enabled already. I’m using HA’s remote access feature Nabu Casa. It’s essentially a reverse proxy for securly accessing HA from anywhere which is what I want. The problem is, Nabu Casa isn’t passing the forwarded IP address where the connection originates. It’s sending 127.0.0.1 which is the loopback address. So if a ban occurs, it bans everyone. I have to remote into my server and remove 127.0.0.1 from ip_bans.yaml to get it back up.
Remote Access Limitations The IP address of the incoming request is not being forwarded. This means that you cannot use remote access if you are using one of the following network scenarios:
- If your Home Assistant instance has configured
127.0.0.1or::1as trusted networks or proxies. - If you use IP bans, the remote connection will be banned as a whole instead of just the address from which the incorrect passwords were entered.
- We are currently exploring a solution for this issue.
Because of this, CrowdSec (Which is great, I use it on my other self-hosted services) won’t work either.