6.0.3.1 - Broke my webserver

[jaydeel]

Just a heads up. All tested customizations using HTTP Interface and JSON Interface calls are not working.

I haven't taken time yet to debug this. I just reverted to 6.0.2.10.

(and yes I did reboot the server after updating)

 

[biggen]

Are you talking about UI3 when you say webserver??

 

[jrbeddow]

Just a heads up. All tested customizations using HTTP Interface and JSON Interface calls are not working.

I haven't taken time yet to debug this. I just reverted to 6.0.2.10.

(and yes I did reboot the server after updating)

Please elaborate: how many things will likely be broken by this? Pushover notifications as well?

Can I presume you have sent off a support request to Ken?

 

[bp2008]

This is new "security" features noted in the changelog.

https://blueirissoftware.com/changelog6.pdf

Most likely you are getting hit by the "User-Agent" string validation which by default will block anything that does not pretend well enough to be a normal web browser.

I already sent Ken a support request asking to skip those new validation functions for local/LAN addresses as that should resolve the majority of 3rd-party integration issues. But unless Ken walks back this entire set of security features, you can expect it to continue causing pain when accessing via an address which Blue Iris does not recognize as local.

 

[jaydeel]

Pushover notifications as well?

I did not test the Pushover curl Action before reverting back to 6.0.2.10.

But based on bp2008's comments, I doubt it's affected as it does not involve BI HTTP or JSON commands.

 

[Vettester]

I did not test the Pushover curl Action before reverting back to 6.0.2.10.

But based on bp2008's comments, I doubt it's affected as it does not involve BI HTTP or JSON commands.

Pushover notifications still work. I also got the webserver to work by adding my external IP address to the "Limit access by IP address:" field.

 

[Tinman]

Hmmm, mine is working fine using Zero tier.

 

[Vettester]

Hmmm, mine is working fine using Zero tier.

Mine was working fine on running Chrome my MacBook and iPhone, but I did notice that the monitor in my kitchen was having issues. It's running UI3 via Chromium on a RPI.

 

[reotto]

This change definitely breaks the Home Assistant integration. I’m logging an issue with them, but reverted back.

 

[bctrainers]

Reverse Proxy via nginx is no longer functional to Blue Iris, instantly throws a 502 Bad Gateway and nginx logs report the following (URLs redacted):

2026/02/26 01:07:25 [error] 1461411#1461411: *9253 upstream prematurely closed connection while reading response header from upstream, client: 192.168.20.58, server: <redacted>, request: "GET / HTTP/2.0", upstream: "http://192.168.20.7:8080/", host: "<redacted>", referrer: "<redacted>"

Directly accessing Blue Iris on LAN via http://192.168.20.7:8080/ has no issues experienced. It almost feels as if BI is expecting an additional header to be passed... Very weird behavior. UA in use: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

Even if i wipe the bad UA's list and add in some items such as perl,wget,python-requests - it makes no difference.