Unsecure https access

Hi,

I configured my auth_providers as described in the docs to get access without login on my digital signage pc.

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.0.0/24
        - 127.0.0.1
        - ::1
      allow_bypass_login: true
    - type: homeassistant

And it works without entering a login from LAN

After that I created an https access with Nginx Proxy Manager for the mobile app and it works too from WAN

BUT - after weeks I checked it from my work and can see that it is possible to enter the site WITHOUT a login!

Can someone tell me my mistake?

thanks in advance

At a guess your proxy is on 192.168.0.0/24, so any traffic that comes through it doesn’t need to login.

Hmm, you are right

so, it is not possible to set https without auto login from WAN and internal with auto login?

It is. You just need to set:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - ::1
  ip_ban_enabled: true
  login_attempts_threshold: 5

(IP_bans optional)
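
As an added example (not part of the original posts and not Home Assistant's own code), this simplified Python model shows why the proxied WAN request skipped the login and how the http: settings above change the outcome. The function names and the addresses 203.0.113.7, 192.168.0.50 and 192.168.0.10 are constructed for illustration.

```python
import ipaddress

# Values taken from the configuration posted in this thread.
TRUSTED_NETWORKS = ["192.168.0.0/24", "127.0.0.1", "::1"]
TRUSTED_PROXIES = ["127.0.0.1", "::1"]


def _in_any(ip, networks):
    """True if ip falls inside any of the listed addresses or CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in networks)


def effective_client_ip(peer_ip, forwarded_for, use_xff, trusted_proxies):
    """Address the auth layer treats as the client (simplified model)."""
    if not (use_xff and forwarded_for):
        return peer_ip  # header not honoured: the TCP peer is the "client"
    if not _in_any(peer_ip, trusted_proxies):
        return peer_ip  # header from an unlisted peer is never believed
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    # Walk from the hop nearest to us; the first non-proxy address is the client.
    for hop in reversed(hops):
        if not _in_any(hop, trusted_proxies):
            return hop
    return hops[0] if hops else peer_ip


def login_bypassed(peer_ip, forwarded_for=None, use_xff=False,
                   trusted_proxies=TRUSTED_PROXIES,
                   trusted_networks=TRUSTED_NETWORKS):
    """True if the request is inside trusted_networks and skips the login."""
    client = effective_client_ip(peer_ip, forwarded_for, use_xff, trusted_proxies)
    return _in_any(client, trusted_networks)


if __name__ == "__main__":
    wan = "203.0.113.7"  # constructed WAN client address
    cases = [
        ("WAN via same-host proxy, no http: block", ("127.0.0.1", wan, False)),
        ("WAN via same-host proxy, with http: block", ("127.0.0.1", wan, True)),
        ("signage PC connecting directly", ("192.168.0.50", None, True)),
        ("WAN via LAN proxy not in trusted_proxies", ("192.168.0.10", wan, True)),
    ]
    for label, args in cases:
        print(f"{label}: bypass={login_bypassed(*args)}")
```

In this model a proxy that connects from a LAN address not listed under trusted_proxies is still treated as the client, so trusted_proxies has to contain the address the proxy actually connects from.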

perfect, I didn’t know that

thank you very much for your help!