TrustedProxies doesn't use correct subnet masking

Hey all…
I’m using Cloudflare to pass through traffic to my domain and to my HomeAssistant subdomain.

I’ve configured HomeAssistant HTTP part this way:

http:
    ip_ban_enabled: true
    login_attempts_threshold: 5
    use_x_forwarded_for: true
    trusted_proxies:
      - !secret traefik_ip
      - !secret router_ip
      # Cloudflare Servers:
      - 173.245.48.0/20
      - 103.21.244.0/22
      - 103.22.200.0/22
      - 103.31.4.0/22
      - 141.101.64.0/18
      - 108.162.192.0/18
      - 190.93.240.0/20
      - 188.114.96.0/20
      - 197.234.240.0/22
      - 198.41.128.0/17
      - 162.158.0.0/15
      - 104.16.0.0/12
      - 172.64.0.0/13
      - 131.0.72.0/22

Yet - when accessing HomeAssistant (through Cloudflare) I see this:

Refresh token for https://hass.myhost.com/
Created at April 15, 2020, 11:32 AM
Last used at September 14, 2020, 12:55 PM from 172.68.xx.xx

As far as I understand - 172.64.0.0/13 subnet should cover my case (172.68.xx.xx)

I also have a docker container for whoami where I’m seeing this:

X-Forwarded-For: 31.154.xx.xx, 172.68.xx.xx
...
X-Real-Ip: 172.68.xx.xx

So the X-Forwarded-For does forward the right data, but for some reason HomeAssistant doesn’t work with it.

How to troubleshoot this? Do I have some wrong configuration?

Thanks
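
An added example, not part of the original post and not Home Assistant's code: a generic right-to-left X-Forwarded-For resolver run over the trusted_proxies list above, to check by hand which address a given list should yield. The Traefik, edge and client addresses are constructed stand-ins for the values the post redacts.

```python
import ipaddress

# Cloudflare ranges copied from the trusted_proxies list in the post.
CLOUDFLARE = """173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22
141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20
197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/12
172.64.0.0/13 131.0.72.0/22""".split()

# Constructed stand-ins for values the post redacts.
TRAEFIK_IP = "192.168.1.10"   # assumed value of !secret traefik_ip
EDGE_IP = "172.68.0.1"        # an address in the 172.68.0.0/16 range seen in the post
CLIENT_IP = "203.0.113.7"     # documentation-range client address


def build_trusted(entries):
    """Parse addresses and CIDR ranges; a bare address becomes a /32."""
    return [ipaddress.ip_network(e) for e in entries]


def is_trusted(addr, trusted):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted)


def resolve_client(peer, xff, trusted):
    """Generic right-to-left resolution (not Home Assistant's implementation)."""
    if not is_trusted(peer, trusted):
        return peer  # a header sent by an untrusted peer is ignored
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop, trusted):
                return hop  # first hop that is not one of our proxies
        except ValueError:
            return peer  # malformed entry: do not trust the header
    return hops[0] if hops else peer


if __name__ == "__main__":
    full = build_trusted(CLOUDFLARE + [TRAEFIK_IP])
    header = f"{CLIENT_IP}, {EDGE_IP}"
    print(resolve_client(TRAEFIK_IP, header, full))
    # Same request when the 172.64.0.0/13 entry is not matched against the edge hop:
    partial = build_trusted([n for n in CLOUDFLARE if n != "172.64.0.0/13"] + [TRAEFIK_IP])
    print(resolve_client(TRAEFIK_IP, header, partial))
```

With the full list the resolver returns the client address; with the /13 entry left unmatched it returns the 172.68 edge address, which is the symptom shown in the refresh token listing.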

Just a quick remark…
Any IPv6 configured?
I also experienced an issue with HA connections after I changed provider; it turned out it wasn’t working due to IPv6 used by the new provider :confused:
Once I disabled IPv6 in my router, things started working again :slight_smile:

Have you tried to use Cloudflare IPv6 too in the HA configuration? Can you even do that?

– Update –
@aceindy - tried your solution, unfortunately without any luck…

Too bad, worth a try though :wink:

Looks as if this was fixed in 0.115

Seems it did, I no longer have issues with it :wink: