Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cloudflare stops the API access #166

Open
altmind opened this issue Mar 1, 2023 · 19 comments
Open

Cloudflare stops the API access #166

altmind opened this issue Mar 1, 2023 · 19 comments

Comments

@altmind
Copy link

altmind commented Mar 1, 2023

While trying to access the curl ifconfig.co/ I'm getting cloudlfare challenge that is impossible to do in curl. The "How do I get this programmatically?" section does not work.

<!DOCTYPE html>
<html lang="en-US">
<head>
    <title>Just a moment...</title>
...
        <h2 class="h2" id="challenge-running">
            Checking if the site connection is secure
        </h2>

Remove the cloudflare, of this website is not usable for its intended purpose.

@altmind
Copy link
Author

altmind commented Mar 1, 2023

Sourcing from 35.79.238.0/24, but im not asking to whitelist this subnet. Cloudlfare defeats the purpose of API access, cloudflare needs to be removed?

@mfld-pub
Copy link

mfld-pub commented Mar 1, 2023

Cloudflare enterprise can make rules to bypass bot prevention with granularity.

Free, pro and business can only turn it on or off.

Uptime-Kuma project has the same issue.

Cloudflare itself doesn't break this. We have our own instance of echo IP behind cf and query with curl. The bot protection creating false positives is the issue.

@altmind
Copy link
Author

altmind commented Mar 1, 2023

well, the IP address that had <10/accesses to ifconfig.co in the past 90days is getting blocked by cloudflare.

cloudflare is falsely blocking non-abusing IP address.

@mfld-pub
Copy link

mfld-pub commented Mar 1, 2023

well, the IP address that had <10/accesses to ifconfig.co in the past 90days is getting blocked by cloudflare.

cloudflare is falsely blocking non-abusing IP address.

Yes, they are. The only remedy is to go on an expensive plan or disable bot fighting option in CF for the domain. IIRC it is on by default.

They have a way to get certain clients or apps whitelisted but this is not possible for python -requests or curl as that's exactly what a bot would use.

@altmind
Copy link
Author

altmind commented Mar 1, 2023

im asking to disable cloudflare for the main website

@mfld-pub
Copy link

mfld-pub commented Mar 1, 2023

I don't think this will be done. It would expose the origin server and lose ddos protection. The compromise is to toggle "bot fighting mode" off.

@altmind
Copy link
Author

altmind commented Mar 1, 2023

well, to bad i cannot use the website because of false positives

@fiskhest
Copy link

fiskhest commented Mar 2, 2023

@mpolden would you consider toggling the cloudflare bot fighting mode off? See above comments from @mfld-pub

@mpolden
Copy link
Owner

mpolden commented Mar 4, 2023

@dhrp is in charge of hosting now. Maybe we can try turning off the bot-fighting mode?

@giladreich
Copy link

I'm experiencing the same issue, especially when running in CI/CD environment using GitHub's runners or AWS EC2 instances. @mpolden @dhrp, would you be so kind to disable the bot-fighting mode? Thank you!

@fiskhest
Copy link

Seems like it was silently fixed, I can curl ifconfig.co again and get an IP reply. Thanks!

@giladreich
Copy link

Seems like it was silently fixed, I can curl ifconfig.co again and get an IP reply. Thanks!

@fiskhest nope. I just tried again via GitHub actions:

<!DOCTYPE html>
<html lang="en-US">
<head>
    <title>Just a moment...</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-[8](https://github.com/***/***/actions/runs/***/jobs/***#step:5:9)">
    <meta http-equiv="X-UA-Compatible" content="IE=Edge">
    <meta name="robots" content="noindex,nofollow">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
    <div class="main-wrapper" role="main">
    <div class="main-content">
        <h1 class="zone-name-title h1">
            <img class="heading-favicon" src="/favicon.ico" alt="Icon for ifconfig.co"
                 onerror="this.onerror=null;this.parentNode.removeChild(this)">
            ifconfig.co
        </h1>
        <h2 class="h2" id="challenge-running">
            Checking if the site connection is secure
        </h2>
        <noscript>
            <div id="challenge-error-title">
                <div class="h2">
                    <span class="icon-wrapper">
                        <div class="heading-icon warning-icon"></div>
                    </span>
                    <span id="challenge-error-text">
                        Enable JavaScript and cookies to continue
                    </span>
                </div>
            </div>
        </noscript>
....

@hydrargyrum
Copy link

Yes, the service is worthless as is, but fortunately there are alternatives that actually work:

curl https://api.ipify.org/
curl -6 https://api64.ipify.org/

@giladreich
Copy link

@mpolden or any maintainer? ping.

@mfld-pub
Copy link

Simple solution for me was to self host the project on a domain of my choosing with LB/WAF settings of my choosing. Runs well and requires very very little resources.

Perhaps y'all could consider doing that.

@giladreich
Copy link

Simple solution for me was to self host the project on a domain of my choosing with LB/WAF settings of my choosing. Runs well and requires very very little resources.

Perhaps y'all could consider doing that.

That option is kind of obvious, but then again at the cost of maintenance. Mind sharing your process of self-hosting it? How much resources you gave the instance? Did you implement a load balancer? What about updating the Geo location databases, did you implement automation for it to auto-update? AFAIK also for getting the Geo location databases it requires creating an account and such.

@ifconfigla
Copy link

ifconfigla commented Aug 14, 2023

For anyone finding the same problem I made the host of https://ifconfig.la which is cloudflare-free.

@hydrargyrum
Copy link

ifconfig.la doesn't support ipv6

@ifconfigla
Copy link

@hydrargyrum It is intentional since we could not check tor exit nodes against IPv6 exit nodes. If some amount of donation is received will host another instance under a new domain that will support both IPv4 and IPv6.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants