Closed kimrutherford closed 2 weeks ago
@kimrutherford Hm, good news and bad news. The good news is that this is a "feature" of Cloudflare that has a toggle switch (a la https://meta.stackexchange.com/questions/261741/cloudflare-error-1010-banned-access-based-on-your-browsers-signature). The bad news is that I'm not sure we should turn it off to support this use case--we've had trouble with bots in the past and apparently this has been a problematic user agent (from the POV of Cloudflare).
I think we have adjusted the filter to allow things generally through for api.geneontology.org, while still preserving the checks on the other geneontology.org sites. Could you give this a try and let us know if it's working for you now? (We may have to revisit if bot traffic increases, etc.)
Thank you to @sierra-moxon for checking into this.
The bad news is that I'm not sure we should turn it off to support this use case--we've had trouble with bots in the past and apparently this has been a problematic user agent (from the POV of Cloudflare).
I think it's OK to leave it turned on as long as it's documented that the user-agent needs to be set to something else in client code. Although to be honest I think bots are going to be setting the user-agent to innocent sounding things too.
Could you give this a try and let us know if it's working for you now?
It works now thanks.
Thank you to @sierra-moxon for checking into this.
Thanks!
Hi.
This is a bit odd. I have an easy work-around but I'm reporting it in case it confuses others.
The API returns 403 if the
user-agent
header containslibwww-perl
This curl command works:
But this doesn't:
Output:
For completeness, this is the script that confused me:
Output:
The work-around: