Login attempt or request with invalid authentication

[bombaata]

The problem

My router's IP (192.168.1.253 here) is sometimes banned. Using the official Android app on my smartphone.

I think it happens when I arrive home and my phone connects to my wifi network, and the server URL in the app is different in the app config if I'm home.

My ip_bans.yaml also gets filled with many duplicates, as I can see on anoter bug report here.

Source: components/http/ban.py:80
Integration: HTTP (documentation, issues)
First occurred: August 14, 2023 at 10:52:02 AM (202 occurrences)
Last logged: 10:52:41 AM

Login attempt or request with invalid authentication from pop.92-184-100-xx.mobile.abo.orange.fr (92.184.100.xx). Requested URL: '/api/websocket'. (Home Assistant/2023.7.5-10506 (Android 13; SM-G991B))
Banned IP 92.184.100.xx for too many login attempts
Login attempt or request with invalid authentication from 192.168.1.253 (192.168.1.253). Requested URL: '/api/websocket'. (Home Assistant/2023.7.5-10506 (Android 13; SM-G991B))
Banned IP 192.168.1.253 for too many login attempts

What version of Home Assistant Core has the issue?

core-2023.8.2

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant OS

Integration causing the issue

http

Link to integration documentation on our website

https://www.home-assistant.io/integrations/http

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

[home-assistant]

Hey there @home-assistant/core, mind taking a look at this issue as it has been labeled with an integration (http) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of http can trigger bot actions by commenting:

• @home-assistant close Closes the issue.
• @home-assistant rename Awesome new title Renames the issue.
• @home-assistant reopen Reopen the issue.
• @home-assistant unassign http Removes the current integration label and assignees on the issue, add the integration domain after the command.

_{^{(message by CodeOwnersMention)}}

---

http documentation
http source
_{^{(message by IssueLinks)}}

[snowmangh]

I have a similar issue here. I can log to Home Assistant from any of my Mac computers except one.

HA Core version: 2023.8.1 running in a Docker container on a Synology NAS.

This is the error I am getting and the "ip_bans.yaml"' file is empty.

Login attempt or request with invalid authentication from 172.17.0.1 (172.17.0.1). Requested URL: '/auth/login_flow/7f14743d13e199d3372abf9ac74fbb63'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15)
Login attempt or request with invalid authentication from 172.17.0.1 (172.17.0.1). Requested URL: '/auth/login_flow/452ec79f148be3ec0cca6781cbb0071a'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Safari/605.1.15)

[Tobi9111]

Hi,
here the same issue.
I think the error occours when i entry or leave home and is dependend from a bad WLAN signal strength in that moment when the App want access the ha-instance. I have that issue with Android 9 and 13 devices. Furthermore i think the issue exist since a long time.
Today i am on:
Home Assistant 2023.8.4
Supervisor 2023.08.3
Operating System 10.5
installed as VM on proxmox.

Logger: homeassistant.components.http.banhomeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP (documentation, issues)
First occurred: 18:29:08 (5 occurrences)
Last logged: 18:29:57

Login attempt or request with invalid authentication from xxxxxxxxxxxx

Best regards
Tobi

[akshay7394]

Same problem here, also being triggered by devices on Android 13 - not seeing it occur from any other devices so far.

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP (documentation, issues)
First occurred: 11:32:52 AM (14 occurrences)
Last logged: 11:44:57 AM

• Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (Home Assistant/2023.8.2-10992 (Android 13; Pixel 6a))
• Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/api/websocket'. (Mozilla/5.0 (Linux; Android 13; Pixel 6a Build/TQ3A.230805.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/116.0.0.0 Mobile Safari/537.36 Home Assistant/2023.8.2-10992 (Android 13; Pixel 6a))

[ademalidurmus]

I got same error and resolve with the following configurations.

1. I'm using nginx-proxy-manager for the container api routing. Here is my advanced configuration for this tool.

   location / {
           proxy_pass              http://10.0.0.5:8123;
           proxy_set_header        Host            $host;
           proxy_redirect          http://         https://;
           proxy_set_header        Authorization   $http_authorization;
           proxy_pass_header       Authorization;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection “upgrade”;
    }
   

   

2. Here is my configuration.yml

   http:
     cors_allowed_origins:
       - https://public.domain.tld # my public domain
     use_x_forwarded_for: true
     trusted_proxies:
       - 10.0.0.3 # nginx proxy manager internal IP adress
   

3. Setting -> System -> Network settings

   

I hope it will help to you.

[ivanovd]

I have the same issue. Here is the config and the error:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.19.8.4    

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/core/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 16:09:46 (5 occurrences)
Last logged: 16:14:43

Login attempt or request with invalid authentication from 10.19.8.1 (10.19.8.1). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.188)
Login attempt or request with invalid authentication from 10.19.8.1 (10.19.8.1). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36)

[ademalidurmus]

What is the 10.19.8.1? Is it your gateway or proxy IP address? If yes I thing it could be added to the trusted_proxies.

[ivanovd]

@ademalidurmus it is my IP address, the one that I am trying to access HA from.

[Tobi9111]

I think i have solved the Error for me:
Since i have set Up the Feature for permanent Link to my HA Server in the Android App (Android 13 device), there ist no error anymore in notification and Log. Hope that Help for you, too.
Best regards
Tobi

[ademalidurmus]

@ademalidurmus it is my IP address, the one that I am trying to access HA from.

@ivanovd can you try to add your IP address to the trusted_proxies? After configuration update pls restart HA.

[Tobi9111]

@ademalidurmus it is my IP address, the one that I am trying to access HA from.

@ivanovd can you try to add your IP address to the trusted_proxies? After configuration update pls restart HA.

I think it could only help for the moment, until the device get a new puplic-IP from provider/ap. Or i'm wrong?
Best regards
Tobi

[ademalidurmus]

I think it could only help for the moment, until the device get a new puplic-IP from provider/ap. Or i'm wrong?

Yes, you are right, but this is an internal IP address, and if it can be configured manually instead of using DHCP, it will resolve. Let's wait for @ivanovd's response to understand if it will resolve the problem temporarily or permanently.

[ivanovd]

@Tobi9111 @ademalidurmus , it is an internal IP (10.19.8.1). I have added it to the trusted proxies list:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.19.8.4
    - 10.19.8.1

However, I am still getting the same error:

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:80
Integration: HTTP (documentation, issues)
First occurred: 15:16:28 (6 occurrences)
Last logged: 15:19:08

Login attempt or request with invalid authentication from 10.19.8.1 (10.19.8.1). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.188)

I have also installed and set up nginx proxy manager and added the host there with the following parameters:

Still no go ...

[ademalidurmus]

@ivanovd

1. Did you configure the following stuff from the Advanced settings?

location / {
        proxy_pass              http://10.19.9.116:8123;
        proxy_set_header        Host            $host;
        proxy_redirect          http://         https://;
        proxy_set_header        Authorization   $http_authorization;
        proxy_pass_header       Authorization;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection “upgrade”;
 }

2. Please check your configuration.yml file contains the following configs.

http:
  cors_allowed_origins:
    - https://wc.dreamix.eu
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.19.8.4
    - 10.19.8.1

3. Please check the "Setting -> System -> Network settings" configuration for the local and remote connection.
4. Please check "Settings > Companion app > Serves and Devices > Connection Informations"
   With this menu, you can configure your Home Assistant URLs for intranet and internet. You need to select Wi-Fi SSIDs for your local connection to decide whether you are connecting from your home internet (intranet) or cellular internet.