Add option to change user agent and a cookie to send verified requests to Cloudflare protected websites.#91
Add option to change user agent and a cookie to send verified requests to Cloudflare protected websites.#91grous0 wants to merge 4 commits intothebuildcraft:mainfrom
Conversation
Signed-off-by: Ömer Ferhat Şenel <grousee@proton.me>
Signed-off-by: Ömer Ferhat Şenel <grousee@proton.me>
|
Messes up with the versions below 1.19.2 thing. idk why it did that probably IntelliJ "cleanup". |
Signed-off-by: Ömer Ferhat Şenel <grousee@proton.me>
|
Sorry for the late reply. I currently don't have time to completely review, test, compile and release it. Once my exams are over I will work on this :) |
|
I just tested it, but I can't get it to work. Cloudflare still returns 403 for some reason. |
Can you check that User Agent is also the same User Agent that cf-clearance issued with? It still works for me. You can also check it with an API client or cURL. |
|
Yes. I also copied the User-Agent from my Firefox. What browser did you use? I will try some more isolated testing then. |
I also used Firefox, Can you tell me the map website you're testing? I will test that out later when i come home. |
|
The one from your config: https://map.atlantikmc.com |
Can you confirm that the IP address used to get |
|
Yes. Its the same PC same OS right after I copied the cookie and user agent from firefox. |
|
So if it still returns 403 then i will test more, meanwhile can you test it with different servers? I will enhance the code and write a test for it. |
|
@thebuildcraft It seems like the website has a geoblock which is the reason why it works on me. I think you can try different websites and they'll work. |
|
Yea, that's also what I thought. I only found 1 other Cloudflare protected map from an old Github Issue here... But that also seems to geoblock me. But maybe Cloudflare doesn't like my IP after all the testing anymore for today... Do you think it's realistic that server owners add a way to decrease the Cloudflare security level for my mod so it can bypass the region block with just the cookie and user-agent combo? |
I doubt server owners will do anything. But in the cases where server admin want to allow traffic for this mod, maybe Cloudflare filtering system has a User-Agent filter or something like that to allow traffic. So requests sent with User-Agent: MapLink will bypass the Cloudlflare protection. Maybe i can spin up a "stub" Cloudflare-protected website for testing? |
|
User-Agent-only-whitelisting would be very easy to exploit by real bots. One thing I saw on another server is that it blocks player position requests if you are not connected to the minecraft server (probably IP based). If you want to make a testing site where Cloudflare doesn't escalate to the highest security level for IP addresses from other countries, sure :) |
2 participants
This is a simple change to fix #90 but temporarily. It adds 2 options user agent and a field for cf_clearance cookie.
This does not use CookieManager because it adds extra complexity for just 1 cookie. If project ever needs to have more than 1 cookie (for example a cookie list option might be added) consider changing to CookieManager.
cf_clearance cookie has a life span of 6 months (at least that's what Cloudflare says when adding the cookie) so after 6 months cookie must be renewed.
This change is only tested in 1.21.10 Fabric. I didn't tested it for other versions or mod loaders because it is 1:00 AM...
Another solution is introducing something like Selenium to actually solve the Cloudflare challenge inside the mod. But this introduces lot more complexity and dependency.
Locales: