core: Login attempt or request with invalid authentication

The problem

My router’s IP (192.168.1.253 here) is sometimes banned. Using the official Android app on my smartphone.

I think it happens when I arrive home and my phone connects to my wifi network, and the server URL in the app is different in the app config if I’m home.

My ip_bans.yaml also gets filled with many duplicates, as I can see on anoter bug report here.

Source: components/http/ban.py:80
Integration: HTTP (documentation, issues)
First occurred: August 14, 2023 at 10:52:02 AM (202 occurrences)
Last logged: 10:52:41 AM

Login attempt or request with invalid authentication from pop.92-184-100-xx.mobile.abo.orange.fr (92.184.100.xx). Requested URL: '/api/websocket'. (Home Assistant/2023.7.5-10506 (Android 13; SM-G991B))
Banned IP 92.184.100.xx for too many login attempts
Login attempt or request with invalid authentication from 192.168.1.253 (192.168.1.253). Requested URL: '/api/websocket'. (Home Assistant/2023.7.5-10506 (Android 13; SM-G991B))
Banned IP 192.168.1.253 for too many login attempts

What version of Home Assistant Core has the issue?

core-2023.8.2

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant OS

Integration causing the issue

http

Link to integration documentation on our website

https://www.home-assistant.io/integrations/http

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

About this issue

  • Original URL
  • State: open
  • Created 10 months ago
  • Comments: 36

Most upvoted comments

I am not using any proxy, and I do not have any kind of banning set up. The problem is happening me only with the android companion app when connected to my own WIFI.

Same setup as i have, with Android companion app.

+2
aletzi1 on Feb 22, 2024

I am not using any proxy, and I do not have any kind of banning set up. The problem is happening me only with the android companion app when connected to my own WIFI.

+2
guystreeter on Feb 22, 2024

I got same error and resolve with the following configurations.

  1. I’m using nginx-proxy-manager for the container api routing. Here is my advanced configuration for this tool.

    location / {
        proxy_pass              http://10.0.0.5:8123;
        proxy_set_header        Host            $host;
        proxy_redirect          http://         https://;
        proxy_set_header        Authorization   $http_authorization;
        proxy_pass_header       Authorization;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection “upgrade”;
 }
    image

  2. Here is my configuration.yml

    http:
  cors_allowed_origins:
    - https://public.domain.tld # my public domain
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.0.3 # nginx proxy manager internal IP adress

  3. Setting -> System -> Network settings image

I hope it will help to you.

Hello. I use this and the problems with the logs are solved. But apears other problem. I use HAOS with the nginx in addon, and other addons like studio code server, zigbee2mqtt, and other. I iuse your configuration in nginx and with the cors line in confing. I cant see the web inferface of this addons. not apears by the domain, but apears by the local ip of the HAOS.

can i modify some to works?

+2
DAVIZINH0 on Feb 4, 2024

Hi, here the same issue. I think the error occours when i entry or leave home and is dependend from a bad WLAN signal strength in that moment when the App want access the ha-instance. I have that issue with Android 9 and 13 devices. Furthermore i think the issue exist since a long time. Today i am on: Home Assistant 2023.8.4 Supervisor 2023.08.3 Operating System 10.5 installed as VM on proxmox.

Logger: homeassistant.components.http.banhomeassistant.components.http.ban Source: components/http/ban.py:80 Integration: HTTP (documentation, issues) First occurred: 18:29:08 (5 occurrences) Last logged: 18:29:57

Login attempt or request with invalid authentication from xxxxxxxxxxxx

Best regards Tobi

+2
Tobi9111 on Sep 6, 2023

Same no proxy, I do use nabu casa, and it did only start when I started using that, so if you guys are running nabu casa as well maybe it is related to a proxy issue in the core, although we are not using proxy specifically, nabu casa is likely running proxy to work properly in the back end.

Yeah, same here, using the nabu casa subscription. It seems to have reduced of late, but it still happens occasionally.

+1
akshay7394 on Mar 28, 2024

I am not using any proxy, and I do not have any kind of banning set up. The problem is happening me only with the android companion app when connected to my own WIFI.

Same setup as i have, with Android companion app.

Same no proxy, I do use nabu casa, and it did only start when I started using that, so if you guys are running nabu casa as well maybe it is related to a proxy issue in the core, although we are not using proxy specifically, nabu casa is likely running proxy to work properly in the back end.

+1
brentfamily51 on Mar 18, 2024

I got same error and resolve with the following configurations.

  1. I’m using nginx-proxy-manager for the container api routing. Here is my advanced configuration for this tool.

    location / {
        proxy_pass              http://10.0.0.5:8123;
        proxy_set_header        Host            $host;
        proxy_redirect          http://         https://;
        proxy_set_header        Authorization   $http_authorization;
        proxy_pass_header       Authorization;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection “upgrade”;
 }
    image

  2. Here is my configuration.yml

    http:
  cors_allowed_origins:
    - https://public.domain.tld # my public domain
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.0.3 # nginx proxy manager internal IP adress

  3. Setting -> System -> Network settings image

I hope it will help to you.

Hello. I use this and the problems with the logs are solved. But apears other problem. I use HAOS with the nginx in addon, and other addons like studio code server, zigbee2mqtt, and other. I iuse your configuration in nginx and with the cors line in confing. I cant see the web inferface of this addons. not apears by the domain, but apears by the local ip of the HAOS.

can i modify some to works?

Same for me. Haven’t figured it out yet.

+1
a7hybnj2 on Feb 22, 2024

I also have this issue every day. Any idea what will cause it? Passwords are okay, i can log in with both phones, i have reinstalled apps.

Logger: homeassistant.components.http.ban Source: components/http/ban.py:129 Integration: HTTP (documentation, issues) First occurred: 27. tammikuuta 2024 klo 21.52.36 (2 occurrences) Last logged: 07.17.59

Login attempt or request with invalid authentication from 192.168.100.100 (192.168.100.100). Requested URL: ‘/api/websocket’. (Mozilla/5.0 (Linux; Android 14; CPH2415 Build/UKQ1.230924.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.230 Mobile Safari/537.36 Home Assistant/2023.12.4-11898 (Android 14; CPH2415))

Login attempt or request with invalid authentication from 192.168.100.101 (192.168.100.101). Requested URL: ‘/api/websocket’. (Mozilla/5.0 (Linux; Android 13; KB2003 Build/RKQ1.211119.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/120.0.6099.231 Mobile Safari/537.36 Home Assistant/2023.12.4-11898 (Android 13; KB2003))

+1
aletzi1 on Jan 29, 2024

Hi, I’m a new home assistant user and I faced same issue as uros76 posted recenty. In my case issue was http.ban error saying ‘/api/websocket/’ invalid authentication on every single login. I used my web browser and HA in my local network (kvm virtual machine with forwarded port 8123). So I figured out for me it was caused by Adblock browser plugin. Looks like it blocked some HA scripts for some reason and caused this behavior. As soon as I turned Adblock off for HA page - all started working just fine. If you are using ad blocking in your network (dns based or browser plugin or some sort of general firewall/software) - try to whitelist HA. Hope this helps.

+1
NN-Andrey on Oct 23, 2023

I got same error and resolve with the following configurations.

  1. I’m using nginx-proxy-manager for the container api routing. Here is my advanced configuration for this tool.

    location / {
        proxy_pass              http://10.0.0.5:8123;
        proxy_set_header        Host            $host;
        proxy_redirect          http://         https://;
        proxy_set_header        Authorization   $http_authorization;
        proxy_pass_header       Authorization;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection “upgrade”;
 }
    image

  2. Here is my configuration.yml

    http:
  cors_allowed_origins:
    - https://public.domain.tld # my public domain
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.0.0.3 # nginx proxy manager internal IP adress

  3. Setting -> System -> Network settings

    image

I hope it will help to you.

+1
ademalidurmus on Sep 14, 2023
Read more comments on GitHub
← core: Login Attempt Failed
core: Logitech Harmony Hub YAML config no longer working 0.108.0b0 →