I still get these constantly.
1 Like
yep I get them as well, only my desktop IP in the alert, even though I use the companion app on like 3 other devices.
this still happens if you use xiaomi/roborock robot map card stuff
1 Like
This is still a problem
Hi,
I’ve been having this same issue. In my case, I know where it comes from: I have a couple of automations that play a sound or a music at a precise time (mainly to remember my kids to prepare for school in the morning). My setup is Home Assistant OS, on a dedicated RPi4, MPD, with NGINX reverse proxy (the base one and not the NGINX Manager), all of which are installed on the same RPi4.
These automations all worked (including the sound)… I obviously lose the sound after getting banned, but all works before getting banned.
Here’s a couple of sections of Config.yaml, first:
homeassistant:
auth_providers:
- type: homeassistant
- type: trusted_networks
trusted_networks:
- xxx.xxx.xxx.0/30 # Local IPs
- 127.0.0.1 # Local MPD
- xxx.xxx.xxx.0/24 # NGinX
allow_bypass_login: true
###########################################
http:
use_x_forwarded_for: true
trusted_proxies:
- xxx.xxx.xxx.xxx # couple of such lines for dedicated fixed adresses for local IPs
- xxx.xxx.xxx.0/24 # NGinX
ip_ban_enabled: true
login_attempts_threshold: 5
The infos I gathered seems to indicate that, when using an automation, MPD seems to go through an external path to get the music/sound to play. Even trying to “ease” the security through trusted_proxies or trusted_networks, MPD still bans itself in those automations.
I know that the trusted networks and trusted proxies can have overlaps, but when I tried to keep adresses only in trusted networks, I lose remote access, and trusted networks allows to skip login… that’s why I also keep it for local purposes…
I tried a lot of different possibilities, but I haven’t found the solution yet… Think I saw a couple of questions through the forums, so I know I’m not alone… but still no solutions.
Perhaps one of you will find that elusive solution… if so, please share, I’d be very happy to know about it!
1 Like
I had my Unifi Protect doorbell feed on my dashboard and constantly had these notifications. I’ve since removed the stream and put it in a card-mod popup instead. Doing so has solved the problem.
I’m on the exactly same boat as you, if u ever find a solution, please let me know
Finally, I just disabled the banning IP… not much of a solution, but it works fine now.
I have those issues lately,
and I think it’s related to some performance gaps I’m experiencing.
not sure which causes what.
but in de core log I found the error and info which sounds interesting to me.
23-10-30 13:21:39 WARNING (raven-sentry.BackgroundWorker) [urllib3.connectionpool] Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa7e90810>: Failed to establish a new connection: [Errno 111] Connection refused')': /api/5370612/envelope/
23-10-30 13:21:39 WARNING (raven-sentry.BackgroundWorker) [urllib3.connectionpool] Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa7e91fd0>: Failed to establish a new connection: [Errno 111] Connection refused')': /api/5370612/envelope/
23-10-30 13:21:39 WARNING (raven-sentry.BackgroundWorker) [urllib3.connectionpool] Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fa7e900d0>: Failed to establish a new connection: [Errno 111] Connection refused')': /api/5370612/envelope/
23-10-30 13:21:53 ERROR (MainThread) [supervisor.homeassistant.api] Error on call https://172.30.32.1:8123/api/core/state:
23-10-30 13:21:55 INFO (MainThread) [supervisor.homeassistant.api] Updated Home Assistant API token
23-10-30 13:21:59 WARNING (MainThread) [supervisor.addons.options] Option 'anonymous' does not exist in the schema for Mosquitto broker (core_mosquitto)
It is still existant and also related to Sonos Speakers. They must keep an Access Token to login which expires when HA restarts, I believe. Then HA rejects the now invalid token and therefor throws that error. That prevents Sonos from working properly with TTS, so to me not just a minor issue…
I just started getting these. Is there a way to remove the notifications thing from the sidebar? Very sad to want to resort to this. I would rather not be notified of anything than have a ton of useless notifications. I’d miss out on genuine notifications but I’ll resort to looking through logs or something on a schedule of my own. Pity
For my issue which seemed related to cameras, it does finally seem to be fixed.
Same here. After setting up an iPad on wallpanel I still get more and more login attempt failures from this device regarding api/calendars. It seems that there is a problem with CalDav and iCloud. All is setup correctly.
Login attempt or request with invalid authentication from iPadxxx.fritz.box (xxx.xxx.xxx.xxx). Requested URL: '/api/calendars/calendar.familienkalender?start=2024-02-17T00:00:00&end=2024-03-17T23:59:59'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Home Assistant/2024.1 (io.robbie.HomeAssistant; build:2024.535; iPadOS 17.2.0) Mobile/HomeAssistant, like Safari)
My main computer and all of my mobile devices don’t produce this error, only the wall mounted iPad is causing this. I still don’t get it why this happens and how to get rid of this. Any suggestions?
Could solve my issue with just a little setting. The tablet user was created only with local login. After removing this, the errors did not come back :).
Rejoiced to soon, error is back but not as often as before. Is there a need of long live tokens or something for iCloud calendar? I am still confused why this only happens with the tablet user but not with any other user.
I also get these messages for both ipv4 and ipv6. But it also means I cannot access HA from Android app. Sometimes I need to turn off/on wifi to make it work again (fritzbox) or I can “change server” via three finger swipe. Changing server means switching between ipv4 and ipv6.
No problems when trying to connect from mobile network via ipv6. Only within the local wifi.
I finally found the culprit for me ( took a year or so)
It was the the Secondaryinfo entity row custom card. It only supports administrator login, if a regular user logins and displays a page which has Secondaryinfo it will throw this error.
Fix: Remove the card and replace it with Multiple entity row for or give your users administrator access.
Ok I am not a “me-too”. It seems to affect both of my two servers (which are much different locations". I am getting this message
Logger: homeassistant.components.http.ban
Source: components/http/ban.py:138
integration: HTTP (documentation, issues)
First occurred: 11:06:04 AM (174 occurrences)
Last logged: 11:29:11 AM
Login attempt or request with invalid authentication from c-69-142-122-175.hsd1.nj.comcast.net (69.142.122.175). Requested URL: ‘/auth/token’. (Home Assistant/2024.2 (io.robbie.HomeAssistant; build:2024.561; macOS(Catalyst) 12.6.2) Alamofire/5.6.4)
Login attempt or request with invalid authentication from node-ba09f6b5a.cust.telbo.net (186.159.107.90). Requested URL: ‘/auth/token’. (Home Assistant/2024.3 (io.robbie.HomeAssistant; build:2024.608; macOS(Catalyst) 14.4.1) Alamofire/5.8.0)
In both cases it sems to center on
Requested URL: ‘/auth/token’
thoughts??
Self thought. I went through my devices both desktop and IiOS that were accessing my home assistant servers. Notification went away. When I reopened the no error, I remember readin some where about auth tokens. Guess this updated or replaced them
Same issue here using the companion app. If I delete the Ip_bans.yaml file, it works, but then a few moments later, it gets banned again. If I can use the app, what’s causing the invalid authentication?
I wish I could help but after some upgrades to my HA server companion has become a MAJOR PITA. iPhones is at another location