mpolden / echoip

IP address lookup service
https://ifconfig.co
BSD 3-Clause "New" or "Revised" License

Cloudflare stops the API access #166

Open altmind opened 1 year ago

altmind commented 1 year ago

While trying to access curl ifconfig.co/ I'm getting a Cloudflare challenge that is impossible to do in curl. The "How do I get this programmatically?" section does not work.

<!DOCTYPE html>
<html lang="en-US">
<head>
    <title>Just a moment...</title>
...
        <h2 class="h2" id="challenge-running">
            Checking if the site connection is secure
        </h2>

Remove Cloudflare, or this website is not usable for its intended purpose.

altmind commented 1 year ago

Sourcing from 35.79.238.0/24, but I'm not asking to whitelist this subnet. Cloudflare defeats the purpose of API access, Cloudflare needs to be removed?

mfld-pub commented 1 year ago

Cloudflare enterprise can make rules to bypass bot prevention with granularity.

Free, pro and business can only turn it on or off.

Uptime-Kuma project has the same issue.

Cloudflare itself doesn't break this. We have our own instance of echo IP behind cf and query with curl. The bot protection creating false positives is the issue.

altmind commented 1 year ago

Well, the IP address that had <10 accesses to ifconfig.co in the past 90 days is getting blocked by Cloudflare.

Cloudflare is falsely blocking a non-abusing IP address.

mfld-pub commented 1 year ago

> Well, the IP address that had <10 accesses to ifconfig.co in the past 90 days is getting blocked by Cloudflare.
>
> Cloudflare is falsely blocking a non-abusing IP address.

Yes, they are. The only remedy is to go on an expensive plan or disable bot fighting option in CF for the domain. IIRC it is on by default.

They have a way to get certain clients or apps whitelisted, but this is not possible for python-requests or curl as that's exactly what a bot would use.

altmind commented 1 year ago

I'm asking to disable Cloudflare for the main website.

mfld-pub commented 1 year ago

I don't think this will be done. It would expose the origin server and lose DDoS protection. The compromise is to toggle "bot fighting mode" off.

altmind commented 1 year ago

Well, too bad I cannot use the website because of false positives.

fiskhest commented 1 year ago

@mpolden would you consider toggling the Cloudflare bot fighting mode off? See above comments from @mfld-pub

mpolden commented 1 year ago

@dhrp is in charge of hosting now. Maybe we can try turning off the bot-fighting mode?

giladreich commented 1 year ago

I'm experiencing the same issue, especially when running in a CI/CD environment using GitHub's runners or AWS EC2 instances. @mpolden @dhrp, would you be so kind as to disable the bot-fighting mode? Thank you!

fiskhest commented 1 year ago

Seems like it was silently fixed, I can curl ifconfig.co again and get an IP reply. Thanks!

giladreich commented 1 year ago

> Seems like it was silently fixed, I can curl ifconfig.co again and get an IP reply. Thanks!

@fiskhest nope. I just tried again via GitHub actions:

<!DOCTYPE html>
<html lang="en-US">
<head>
    <title>Just a moment...</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=Edge">
    <meta name="robots" content="noindex,nofollow">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">
</head>
<body class="no-js">
    <div class="main-wrapper" role="main">
    <div class="main-content">
        <h1 class="zone-name-title h1">
            <img class="heading-favicon" src="/favicon.ico" alt="Icon for ifconfig.co"
                 onerror="this.onerror=null;this.parentNode.removeChild(this)">
            ifconfig.co
        </h1>
        <h2 class="h2" id="challenge-running">
            Checking if the site connection is secure
        </h2>
        <noscript>
            <div id="challenge-error-title">
                <div class="h2">
                    <span class="icon-wrapper">
                        <div class="heading-icon warning-icon"></div>
                    </span>
                    <span id="challenge-error-text">
                        Enable JavaScript and cookies to continue
                    </span>
                </div>
            </div>
        </noscript>
....
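
An added example, not part of any comment in this thread and not echoip's own code: a caller-side check that tells the challenge page quoted above apart from a real reply before a script or CI job uses the value. The function names and the sample bodies are assumptions made for illustration; the markers are taken from the HTML quoted in the thread.

```python
import ipaddress

# Strings that appear in the challenge page quoted in this thread.
CHALLENGE_MARKERS = (
    "<title>Just a moment...</title>",
    'id="challenge-running"',
    "/cdn-cgi/styles/challenges.css",
)


class ChallengeError(RuntimeError):
    """The service answered with a challenge page instead of an IP address."""


def parse_echo_response(body):
    """Return the address from a plain-text IP echo reply, or raise.

    Raises ChallengeError for the interstitial page and ValueError for any
    other body that is not exactly one IPv4 or IPv6 address.
    """
    if any(marker in body for marker in CHALLENGE_MARKERS):
        raise ChallengeError("challenge page returned instead of an IP address")
    return ipaddress.ip_address(body.strip())  # ValueError on anything else


def first_usable_address(replies):
    """Pick the first reply that parses; replies is [(source, body), ...].

    Returns (source, address, skipped). skipped records why earlier sources
    were rejected, so a job can log the reason instead of consuming HTML.
    """
    skipped = []
    for source, body in replies:
        try:
            return source, parse_echo_response(body), skipped
        except ChallengeError:
            skipped.append((source, "challenge"))
        except ValueError:
            skipped.append((source, "invalid"))
    raise RuntimeError(f"no usable reply: {skipped}")


# Constructed sample bodies; the HTML is abridged from the page quoted above
# and 203.0.113.7 is a documentation-range address.
SAMPLE_CHALLENGE = (
    '<!DOCTYPE html>\n<html lang="en-US">\n<head>\n'
    "    <title>Just a moment...</title>\n"
)
SAMPLE_REPLIES = [("ifconfig.co", SAMPLE_CHALLENGE), ("api.ipify.org", "203.0.113.7\n")]
```
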

hydrargyrum commented 1 year ago

Yes, the service is worthless as is, but fortunately there are alternatives that actually work:

curl https://api.ipify.org/
curl -6 https://api64.ipify.org/

giladreich commented 1 year ago

@mpolden or any maintainer? ping.

mfld-pub commented 1 year ago

Simple solution for me was to self host the project on a domain of my choosing with LB/WAF settings of my choosing. Runs well and requires very very little resources.

Perhaps y'all could consider doing that.

giladreich commented 1 year ago

> Simple solution for me was to self host the project on a domain of my choosing with LB/WAF settings of my choosing. Runs well and requires very very little resources.
>
> Perhaps y'all could consider doing that.

That option is kind of obvious, but then again at the cost of maintenance. Mind sharing your process of self-hosting it? How many resources did you give the instance? Did you implement a load balancer? What about updating the Geo location databases, did you implement automation for it to auto-update? AFAIK getting the Geo location databases also requires creating an account and such.

ifconfigla commented 1 year ago

For anyone finding the same problem I made the host of https://ifconfig.la which is cloudflare-free.

hydrargyrum commented 1 year ago

ifconfig.la doesn't support IPv6

ifconfigla commented 1 year ago

@hydrargyrum It is intentional since we could not check Tor exit nodes against IPv6 exit nodes. If some amount of donation is received, we will host another instance under a new domain that will support both IPv4 and IPv6.