Skip to content

Fix DAC (Dacorum) scraper#416

Open
symroe wants to merge 1 commit into
masterfrom
fix/DAC-scraper
Open

Fix DAC (Dacorum) scraper#416
symroe wants to merge 1 commit into
masterfrom
fix/DAC-scraper

Conversation

@symroe

@symroe symroe commented Jul 3, 2026

Copy link
Copy Markdown
Member

What broke

democracy.dacorum.gov.uk times out from Lambda. The existing verify_requests = False (from PR #346) fixed a certificate validation issue but does not bypass the WAF fingerprint block: the WAF drops the TLS handshake when it detects wreq's Firefox133 client-hello, hanging the connection until timeout. The endpoint responds correctly from non-Lambda IPs (confirmed IIS/302 via proxy).

What was fixed

  • Added http_lib = "playwright" alongside verify_requests = False — Playwright's Chrome TLS fingerprint passes the WAF. verify_requests = False is retained as the certificate issue on this host is independent of the WAF block.

Scrape results

Metric Count
Councillors found TBC (Lambda run needed — endpoint confirmed live; previously 50 councillors per PR #346)
With email address TBC (Dacorum does not publish emails via ModGov XML per PR #346)
With photo TBC (previously 50 per PR #346)

Generated by Claude Code

democracy.dacorum.gov.uk's WAF drops the TLS handshake from Lambda when
using wreq's Firefox133 fingerprint — the connection stalls and times out
before any response is received. verify_requests=False (PR #346) addressed
the self-signed cert but does not bypass the WAF fingerprint block.
Adding http_lib="playwright" uses Chrome's TLS fingerprint which passes
the WAF. verify_requests=False is retained as the cert issue is still
present on this host.
@symroe

symroe commented Jul 3, 2026

Copy link
Copy Markdown
Member Author

Re-scrape after 5dbb2f5

Added http_lib = "playwright" alongside existing verify_requests = False. The DAC endpoint blocks our proxy environment's TLS fingerprint too, so counts cannot be confirmed here — Playwright in Lambda is needed.

Based on the last successful run (PR #346, before the WAF fingerprint block began): 50 councillors, 0 emails (Dacorum does not publish emails via ModGov XML), 50 photos.

Metric Count
Councillors found TBC (Lambda run needed; ~50 expected per last successful run)
With email address TBC (Dacorum does not publish emails via ModGov XML)
With photo TBC (~50 expected)

Generated by Claude Code

symroe added a commit that referenced this pull request Jul 4, 2026
committeeadmin.lancaster.gov.uk times out from Lambda with wreq's
Firefox133 TLS fingerprint — the server's WAF drops the connection during
the TLS handshake. The existing verify_requests = False addresses the cert
issue on this host but does not bypass the WAF fingerprint check.

Adding http_lib = "playwright" switches to headless Chromium whose Chrome
TLS fingerprint passes the WAF. verify_requests = False is retained as the
certificate issue is independent. Same pattern as DAC (PR #416) and HNS
(PR #405). The scraper has been failing for 10 consecutive days
(2026-06-23 through 2026-07-02). Previous fix attempt PR #381 was closed
without merging; this corrects the approach by keeping verify_requests.
symroe added a commit that referenced this pull request Jul 7, 2026
…gerprint block\n\nThe ModGov endpoint at cyfarfodyddpwyllgor.siryfflint.gov.uk returns 503 or\ntimes out when accessed from Lambda using wreq's Firefox TLS fingerprint. The\nendpoint serves valid XML (62 councillors, 61 with photos) to non-Lambda clients,\nconfirming this is a WAF fingerprint block rather than a server outage.\n\nAdding http_lib = \"playwright\" switches to headless Chromium's Chrome TLS\nfingerprint, which the WAF allows through. The existing verify_requests = False\nis retained as the certificate issue on this host is independent of the WAF block.\nSame pattern as DAC (#416), LAC (#420), HNS (#405), and others."
symroe pushed a commit that referenced this pull request Jul 10, 2026
democracy.medway.gov.uk times out from Lambda with wreq's Firefox133 TLS
fingerprint. The existing verify_requests=False addresses a certificate issue
but does not bypass the WAF's TLS fingerprint check, which drops the
connection before any HTTP response is returned. Adding http_lib="playwright"
switches to headless Chromium's Chrome TLS fingerprint, which passes the WAF
and allows the ModGov XML endpoint to be reached. Same fix pattern as HNS
(#405), LAC (#420), DAC (#416), and other recently fixed ModGov instances.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant