Service or UI to remove banned IP addresses

Feature Requests
21

Hi! Got the same on my local network after upgrade to 107. I use stream component, but was not even opening this page.

22

Took a lot of digging, but in this post there was a mention of getting IP_banned after accessing remote cameras as well.

It was an old topic regarding the changes to trusted_networks in HA .89 so it didn’t seem at all relevant. But on a hunch, I added 127.0.0.1 (localhost) along with my local internal network as a trusted network and now I haven’t had any authentication errors accessing cameras.

I have no idea why localhost would be needed, or if it was something else I did in the mad scramble trying to fix it, but I no longer have any problem. So if you don’t have this currently defined in your auth_providers configuration, give it a shot and please confirm results.

1 Like
23

Unfortunately, this didn’t work for me, still getting authentication errors from iOS and web interface as well. I will try a bit later to add internal hassio addons subnet as trusted network, just for a test.

24

Just for information, I tried adding:

- my_home_subnet
- 127.0.0.1
- 172.30.33.0/25

to trusted networks. 172.30.33.0/25 is hassio add-ons subnet. And I am still getting authorization errors.
I will just wait untill 0.108 is out and, if ip_ban is not fixed there, will try to remove all camera streams from frontend for a test.

25

So it was something else in my case, not camera streams - I have now no camera streams at frontend and still invalid authentication attempts.

26

I am interested in last_authenticated sensor, how would you set it up? Thanks!

27

Use this


Then in configuration.yaml you will need this: 
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - ::1
  ip_ban_enabled: true
  login_attempts_threshold: 5
# Logger
logger:
  default: warn  #warn
  logs:
    custom_components.sensor.authenticated: debug

You will then have a sensor.last_successful_authentication you can display in lovelace like this:
image

1 Like
28

Thank you, This is really helpful!

29

@DavidFW1960

Have you had any luck in getting the notification to work (per the documentation) ?

image
image736×195 14.1 KB

My code (configuration.yaml)

 sensor:
   - platform: authenticated
     enable_notification: true
     provider: ipapi
30

Yes I get notifications

31

hmmm…
Here’s my config, would you be kind enough to compare against yours to see if I am missing something?

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.0.0/24
      trusted_users:
        192.168.0.0/24:
          - userID 1- redacted
          - userID 2- redacted
          - userID 3- redacted
          - userID 4- redacted
          - userID 5- redacted
          - userID 6- redacted
    - type: homeassistant


http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - ::1
  ip_ban_enabled: true
  login_attempts_threshold: 3

logger:
  default: warn
  logs:
      custom_components.sensor.authenticated: debug

sensor:
  - platform: authenticated
    enable_notification: true
    provider: ipapi
32

Here is auth. My http is shown in above post.

# Auth & 2FA
  auth_mfa_modules:
    - type: notify
    - type: totp
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 127.0.0.1
        - ::1
        - !secret my_ipv4_network
        - fd00::/8
        - !secret zerotier_network
        - !secret my_ipv6_network
      trusted_users:
        127.0.0.1: !secret user_id
        "::1": !secret user_id
        !secret trusted_ipv4: !secret user_id
        "fd00::/8": !secret user_id
        !secret trusted_ipv6: !secret user_id
        !secret zerotier_network: !secret user_id
      allow_bypass_login: true
    - type: homeassistant

Configuration of component:

# Sensors
sensor:

# Authentication Sensor
  - platform: authenticated
    enable_notification: true
    provider: 'ipapi'
    exclude:
      - !secret my_ipv4_network
      - fd00::/8
      - !secret zerotier_network
      - !secret my_ipv6_network
1 Like
33

made a few adjustments… will have to see if that help any.
I like how you are using the secrets file for compartmentalizing the users and network info (had to take that into my setup, so thanks for showing that off).

1 Like
34

started getting the notifications.

1 Like
35

I don’t have banning enabled and don’t have ip_bans.yaml in my config folder but HA dosen’t let me log in from a specific IP of my desktop.

Has anyone else experienced similar problem?

Logs;

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:114
Integration: HTTP (documentation, issues)
First occurred: December 4, 2020, 11:17:43 AM (7occurrences)

36

I also keep getting one of my tablets constantly banned for no reason for years now. This is a very annoying issue.

It’s a shame you didn’t accept https://github.com/home-assistant/core/pull/18770 PR that addressed this issue.

1 Like
37

I voted because I have the same issue and I can’t believe this is so hard to fix :blush:

38

That (was working for years) seems to be partly broken now after updating to HA 2022.4: now attributes (like hostname, user, new_ip) are completely missing. Don’t know why. Any ideas how to get back this? Mainly detecting new first time/logins for being able to *do something*.

39

Seems ok here

image
image1020×231 21.7 KB

It has been showing that docker container for days now though…

40

Found something. Fix seems to be “on the way” but didn’t arrive for weeks. And whole project is marked as deprecated according to readme :frowning: