Who or what is ban.py?

First- Sorry if this is a double-post, but after 1Hr, I still don’t see my original post on the forum.

I finally decided to risk an upgrade from 0.72.1 to 0.82.1, and to my surprise only two issues resulted. My Tradfri lights disappeared from the UI and frontend, but reconfiguring Tradfri brought those back.

I am also getting a warning panel:


And, my log shows:

Login attempt or request with invalid authentication from
2:23 PM components/http/ban.py (WARNING)

So, who or what is ban.py and why am I getting this warning? How do I fix it?


It’s the security feature to prevent unauthorized systems from logging in.

Do you have ip_ban_enabled set to true?

You have a device (running hassio?) that is trying to login and doesn’t have authentication token or correct password

Find what is trying to access your system from localhost?

Thanks,[quote=“flamingm0e, post:2, topic:81123”]
Find what is trying to access your system from localhost?

I’ve narrowed it down to Node-Red. In the Node-Red config node (not the Node-Red add-on config), I changed the address to my Pi address: and the error/warning followed.

Login attempt or request with invalid authentication from
4:16 PM components/http/ban.py (WARNING)

So, I am pretty certain that the problem is in Node-Red.
I used the Upgrade button on my frontend before lunch, and I have spent the past five hours fixing things the upgrade broke. It appears that Node-Red is the last one. (Fingers crossed).

I will have to reboot from my backup SD card with 0.72.1 to check, but I don’t recall if the config node in .72 asked for an API password. (I am not using SSL).

Other tips would be appreciated.

make sure you are running the latest node-red v8 and the newest home assistant nodes. 0.72.1 was a long time ago. a lot has changed.

While I upgrade Node-Red, do I need to add this to my homeassistant: component?

   - type: homeassistant
   - type: legacy_api_password

no. authentication is built in and default now. You do not need auth_providers

in fact, if you update node-red nodes and node-red version, you can use an auth token

OK, no auth_providers. That’s what I get for reading the docs (it seemed to indicate that I needed auth and auth_providers).

So, I did upgrade Node-Red, clicked on the Upgrade button and Home Assistant installed Node-Red v 1.1.0. (Where do you see v8?)

But still no progress. The Node-red config node does ask more for the authorization, below:


But surprise… selecting “I use hass.io” appears to have fixed Node-Red. A quick test of my flows on this Node-Red seem to all work now.

Again, thanks for the help.
Maybe I need to learn how to use SSL?


SSL has nothing to do with it. Unless you are exposing your node-red or HA to the internet, I don’t see the point.

Your other post is there. I just replied to you on it but you can ignore that since you figured out the problem here. :smiley:

According to that link, V8 is the version of Node.js.

Correct…I shortened my comment to just say Node-Red V8, simply because when you run the docker you have to specify V8 of the nodered image.

Thanks. I’m easily confused. But everything seems to be working now.
I decided to do the upgrade because when I try new things, my version was so old that it was getting difficult to ask for help.

So far, so good.

Not only that but the longer you leave it the further behind you get and the more things that will be broken and need fixing. JMHO

Hi, if you’re reaching here from Google, I found a solution to this problem using the newer authentication (instead of the legacy one with the -X-HA-Address), provided here: