Skip to content

Fix PEM (Pembrokeshire) scraper#406

Open
symroe wants to merge 1 commit into
masterfrom
fix/PEM-scraper
Open

Fix PEM (Pembrokeshire) scraper#406
symroe wants to merge 1 commit into
masterfrom
fix/PEM-scraper

Conversation

@symroe

@symroe symroe commented Jun 30, 2026

Copy link
Copy Markdown
Member

What broke

PR #395 (merged June 27) migrated mgenglish.pembrokeshire.gov.uk from HTTP to HTTPS, but the scraper has continued failing on June 28 with connection reset by peer (OS error 104, ECONNRESET). Investigation shows:

  • TCP connection to port 443 succeeds (server is listening)
  • TLS handshake is actively RST'd when using wreq's Firefox133 TLS fingerprint
  • Python's ssl module can establish TLS 1.3 but receives an unexpected EOF at the HTTP request stage
  • This is consistent with a WAF that RSTs connections based on TLS ClientHello fingerprint

The pattern is the same as HAL, TON, MON, and HNS — WAF TLS fingerprint blocking that playwright's Chrome fingerprint bypasses.

What was fixed

  • Added http_lib = "playwright" — headless Chromium's TLS fingerprint is not blocked by the WAF, allowing the ModGov XML endpoint to be reached.

Scrape results

Cannot confirm counts from this environment (server rejects all non-Chrome TLS fingerprints including our proxy IP). Counts will be confirmed on the next Lambda run.

Metric Count
Councillors found TBC (Lambda run needed)
With email address TBC (Lambda run needed)
With photo TBC (Lambda run needed)

Generated by Claude Code

…nt block

After PR #395 migrated the URL from http:// to https://, the scraper still
fails with connection reset by peer (OS error 104, ECONNRESET) on
mgenglish.pembrokeshire.gov.uk:443. Testing confirms:
- TCP connection establishes successfully (port 443 reachable)
- TLS handshake is RST'd by the server when using wreq's Firefox133 fingerprint
- Python ssl can establish TLS 1.3 but HTTP request then receives unexpected EOF

This is a WAF TLS fingerprint block. Switching to headless Chromium's TLS
fingerprint bypasses the WAF, same fix as HAL, TON, MON, HNS.
@symroe

symroe commented Jun 30, 2026

Copy link
Copy Markdown
Member Author

Re-scrape after a37a55f

Added http_lib = "playwright" to bypass WAF TLS fingerprint block on mgenglish.pembrokeshire.gov.uk.

Cannot run the scraper from this environment — all non-Chrome TLS fingerprints (wreq Firefox133, Python ssl, httpx) receive either a TCP RST or unexpected EOF from the server. TCP port 443 is reachable, and TLS 1.3 negotiates successfully with Python's ssl module, but the HTTP request then receives an unexpected EOF. Playwright's Chrome TLS fingerprint should clear this WAF check from Lambda.

Metric Count
Councillors found TBC — Lambda run needed
With email address TBC — Lambda run needed
With photo TBC — Lambda run needed

Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant