Skip to content

Fix HNS (Hounslow) scraper#405

Open
symroe wants to merge 1 commit into
masterfrom
fix/HNS-scraper
Open

Fix HNS (Hounslow) scraper#405
symroe wants to merge 1 commit into
masterfrom
fix/HNS-scraper

Conversation

@symroe

@symroe symroe commented Jun 30, 2026

Copy link
Copy Markdown
Member

What broke

democraticservices.hounslow.gov.uk has been timing out from Lambda for 10 consecutive days (June 19–28). The ModGov endpoint returns valid XML with 62 councillors when accessed via curl (confirmed), but Lambda's wreq client using its Firefox133 TLS fingerprint triggers a WAF block that drops the connection after 30 seconds. The existing verify_requests = False addresses a certificate issue on this host but does not bypass the WAF fingerprint check.

This is the same pattern as HAL, TON, MON, and other councils recently fixed with http_lib = "playwright".

What was fixed

  • Added http_lib = "playwright" — switches from wreq (Firefox133 TLS emulation) to headless Chromium, whose Chrome TLS fingerprint passes the WAF. verify_requests = False is retained as it was set by a previous maintainer for a certificate issue on this host.

Scrape results

Councillor count confirmed via direct XML fetch (62 <councillor> elements in GetCouncillorsByWard response). Email and photo counts require a full Lambda run to verify, as individual councillor detail pages are fetched during the scrape.

Metric Count
Councillors found 62 (confirmed from XML)
With email address TBC (Lambda run needed)
With photo TBC (Lambda run needed)

Generated by Claude Code

…t block

democraticservices.hounslow.gov.uk times out when accessed from Lambda
using wreq's Firefox133 TLS fingerprint. The ModGov endpoint serves valid
XML to curl (62 councillors confirmed) but the WAF drops connections from
wreq's specific ClientHello. Switching to headless Chromium bypasses the
WAF fingerprint check, same fix as HAL, TON, MON, and others.

verify_requests = False is retained as it was set by a previous maintainer
for a certificate issue on this host.
@symroe

symroe commented Jun 30, 2026

Copy link
Copy Markdown
Member Author

Re-scrape after 94fb053

Added http_lib = "playwright" to bypass WAF TLS fingerprint block.

Cannot run the scraper end-to-end from this environment — democraticservices.hounslow.gov.uk is behind a WAF that blocks our proxy IP. However, the raw ModGov XML endpoint was verified independently via curl (with --insecure to skip the cert):

curl -sk https://democraticservices.hounslow.gov.uk/mgWebService.asmx/GetCouncillorsByWard | grep -c "<councillor>"
62

Email and photo counts require a full Lambda run (detail pages are fetched per-councillor during the scrape).

Metric Count
Councillors found 62 (from raw XML)
With email address TBC — Lambda run needed
With photo TBC — Lambda run needed

Generated by Claude Code

symroe added a commit that referenced this pull request Jul 4, 2026
committeeadmin.lancaster.gov.uk times out from Lambda with wreq's
Firefox133 TLS fingerprint — the server's WAF drops the connection during
the TLS handshake. The existing verify_requests = False addresses the cert
issue on this host but does not bypass the WAF fingerprint check.

Adding http_lib = "playwright" switches to headless Chromium whose Chrome
TLS fingerprint passes the WAF. verify_requests = False is retained as the
certificate issue is independent. Same pattern as DAC (PR #416) and HNS
(PR #405). The scraper has been failing for 10 consecutive days
(2026-06-23 through 2026-07-02). Previous fix attempt PR #381 was closed
without merging; this corrects the approach by keeping verify_requests.
symroe added a commit that referenced this pull request Jul 7, 2026
…gerprint block\n\nThe ModGov endpoint at cyfarfodyddpwyllgor.siryfflint.gov.uk returns 503 or\ntimes out when accessed from Lambda using wreq's Firefox TLS fingerprint. The\nendpoint serves valid XML (62 councillors, 61 with photos) to non-Lambda clients,\nconfirming this is a WAF fingerprint block rather than a server outage.\n\nAdding http_lib = \"playwright\" switches to headless Chromium's Chrome TLS\nfingerprint, which the WAF allows through. The existing verify_requests = False\nis retained as the certificate issue on this host is independent of the WAF block.\nSame pattern as DAC (#416), LAC (#420), HNS (#405), and others."
symroe pushed a commit that referenced this pull request Jul 10, 2026
democracy.medway.gov.uk times out from Lambda with wreq's Firefox133 TLS
fingerprint. The existing verify_requests=False addresses a certificate issue
but does not bypass the WAF's TLS fingerprint check, which drops the
connection before any HTTP response is returned. Adding http_lib="playwright"
switches to headless Chromium's Chrome TLS fingerprint, which passes the WAF
and allows the ModGov XML endpoint to be reached. Same fix pattern as HNS
(#405), LAC (#420), DAC (#416), and other recently fixed ModGov instances.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant