Hello All,
So I implemented ModSecurity on my Nginx reverse proxy in front of my Hassio instance (docker on Ubuntu 18.04.3 VM) and it’s logging the following api webhook connections (not blocking until I can find out what they’re for). I’m unable to track the IPs down to a particular add-on, integration or service. Does anyone else see a lot of connections to these IPs or can provide insight into what these might be from? Trying to avoid shutting off all the add-ons or integrations to track this down. Here are the relevant log entries:
54.82.4.129 - - [08/Nov/2019:08:21:39 +0000] “POST /api/webhook/[webhook ID] HTTP/1.1” 200 17 “-” “AHC/2.1”
54.83.145.181 - - [08/Nov/2019:08:23:03 +0000] “POST /api/webhook/[webhook ID] HTTP/1.1” 200 17 “-” “AHC/2.1”
52.203.225.134 - - [08/Nov/2019:08:23:05 +0000] “POST /api/webhook/[webhook ID] HTTP/1.1” 200 17 “-” “AHC/2.1”
Observations:
- The repetitive connections are made to these 3 IPs and open and close every couple minutes throughout the day regardless of my interaction with HA.
- The IPs are registered/hosted by Amazon Web Services.
Add-ons that I’m using on Hassio 0.99.3:
- MQTT Server and Web Client 1.1.0
- Node-Red 5.0.3
- Log Viewer 0.6.4
- Portainer 0.8.0
- SSH and Web Terminal 6.4.0
- Smartthings Bridge 0.0.3
- Visual Studio Code 1.1.1
- Chrony 1.0.4
Integrations:
- Smartthings (maybe HA is “phoning home”?)
- GPSLogger
- Google Cast