Fix DAC (Dacorum) scraper#416
Open
symroe wants to merge 1 commit into
Open
Conversation
democracy.dacorum.gov.uk's WAF drops the TLS handshake from Lambda when using wreq's Firefox133 fingerprint — the connection stalls and times out before any response is received. verify_requests=False (PR #346) addressed the self-signed cert but does not bypass the WAF fingerprint block. Adding http_lib="playwright" uses Chrome's TLS fingerprint which passes the WAF. verify_requests=False is retained as the cert issue is still present on this host.
Member
Author
Re-scrape after 5dbb2f5Added Based on the last successful run (PR #346, before the WAF fingerprint block began): 50 councillors, 0 emails (Dacorum does not publish emails via ModGov XML), 50 photos.
Generated by Claude Code |
symroe
added a commit
that referenced
this pull request
Jul 4, 2026
committeeadmin.lancaster.gov.uk times out from Lambda with wreq's Firefox133 TLS fingerprint — the server's WAF drops the connection during the TLS handshake. The existing verify_requests = False addresses the cert issue on this host but does not bypass the WAF fingerprint check. Adding http_lib = "playwright" switches to headless Chromium whose Chrome TLS fingerprint passes the WAF. verify_requests = False is retained as the certificate issue is independent. Same pattern as DAC (PR #416) and HNS (PR #405). The scraper has been failing for 10 consecutive days (2026-06-23 through 2026-07-02). Previous fix attempt PR #381 was closed without merging; this corrects the approach by keeping verify_requests.
symroe
added a commit
that referenced
this pull request
Jul 7, 2026
…gerprint block\n\nThe ModGov endpoint at cyfarfodyddpwyllgor.siryfflint.gov.uk returns 503 or\ntimes out when accessed from Lambda using wreq's Firefox TLS fingerprint. The\nendpoint serves valid XML (62 councillors, 61 with photos) to non-Lambda clients,\nconfirming this is a WAF fingerprint block rather than a server outage.\n\nAdding http_lib = \"playwright\" switches to headless Chromium's Chrome TLS\nfingerprint, which the WAF allows through. The existing verify_requests = False\nis retained as the certificate issue on this host is independent of the WAF block.\nSame pattern as DAC (#416), LAC (#420), HNS (#405), and others."
This was referenced Jul 7, 2026
symroe
pushed a commit
that referenced
this pull request
Jul 10, 2026
democracy.medway.gov.uk times out from Lambda with wreq's Firefox133 TLS fingerprint. The existing verify_requests=False addresses a certificate issue but does not bypass the WAF's TLS fingerprint check, which drops the connection before any HTTP response is returned. Adding http_lib="playwright" switches to headless Chromium's Chrome TLS fingerprint, which passes the WAF and allows the ModGov XML endpoint to be reached. Same fix pattern as HNS (#405), LAC (#420), DAC (#416), and other recently fixed ModGov instances.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What broke
democracy.dacorum.gov.uktimes out from Lambda. The existingverify_requests = False(from PR #346) fixed a certificate validation issue but does not bypass the WAF fingerprint block: the WAF drops the TLS handshake when it detects wreq's Firefox133 client-hello, hanging the connection until timeout. The endpoint responds correctly from non-Lambda IPs (confirmed IIS/302 via proxy).What was fixed
http_lib = "playwright"alongsideverify_requests = False— Playwright's Chrome TLS fingerprint passes the WAF.verify_requests = Falseis retained as the certificate issue on this host is independent of the WAF block.Scrape results
Generated by Claude Code