Error with some RSS feed: Here https://www.mydealz.de/ - 403 Forbidden

  • [x] I’m using stock docker compose setup, unmodified. This also implies actually using Docker as the container engine.
  • [ ] I’m using docker compose setup, with modifications (modified .yml files, third party plugins/themes, etc.) - if so, describe your modifications in your post. Before reporting, see if your issue can be reproduced on the unmodified setup.
  • [ ] I’m not using docker on my primary instance, but my issue can be reproduced on the aforementioned docker setup and/or official demo.

I have set up a completely new version of TT RSS with the stock docker compose setup.
It works, but I have one RSS feed where I get an error:
It says: unable to fetch: Client error: GET https://www.mydealz.de/rss/alle resulted in a 403 Forbidden response:

The problem seems to be like described here: Some error with RSS feeds
But the trick with the additional plugin “ddos_guard_workaround” does not seem to work. I created that plugin and activated it. But still get the same error.

  • Tiny Tiny RSS version (including git commit id): 9e6684e9277dace834ef10dab21c5b585f291675
  • Platform (i.e. Linux distro, Docker, PHP, PostgreSQL, etc) versions:
  • Debian GNU/Linux 12 (bookworm) - Kernel 6.1.0-13-amd64
  • Docker version 20.10.24+dfsg1, build 297e128

I have an old setup of TT Rss (2021/03) running on a different machine and without docker, where this feed is working fine.
All my other feeds also work on the new system

i can’t really do anything if feed owner decides to 403 you. it’s possible that different machine has a different IP which is not blacklisted or something of that nature.

Hmm, ok very strange.
But here also “cloudflare” seems to be the problem.

Response with a curl request on my server machine:

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 403 Forbidden
< Date: Thu, 13 Jun 2024 16:49:12 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Length: 15546
< Connection: close
< Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
< Critical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
< Cross-Origin-Embedder-Policy: require-corp
< Cross-Origin-Opener-Policy: same-origin
< Cross-Origin-Resource-Policy: same-origin
< Origin-Agent-Cluster: ?1
< Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
< Referrer-Policy: same-origin
< X-Content-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< cf-mitigated: challenge
< cf-chl-out: 6wQdLw7bra/mnTN6PfZLbx4lmN9GV9CVYgDwCnQMeI1t70c3sLdfqDxUJt6vAfNa5EDfKfuR8A550WfUbQPFwWyaq8txUv/VMFQjJkTBU+U=$C/O4WgQuukrQ+/33N9EpmQ==
< Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 01 Jan 1970 00:00:01 GMT
< Server: cloudflare

Here I get HTML

Response on my local Mac:

< HTTP/1.1 200 OK
< Date: Thu, 13 Jun 2024 16:52:12 GMT
< Content-Type: text/xml; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< Cache-Control: no-cache, private
< X-Pepper-Cache: HIT
< X-Pepper-Cache-Key: fpc:c9a4d12fca2d28c98fa78e67ca26c9ce
< Set-Cookie: pepper_session=%22koRcX2PPKMTqZaF2QfgStapjhvAVmmIYMFyKYf9U%22; expires=Thu, 13 Jun 2024 17:27:12 GMT; Max-Age=2100; path=/; domain=.mydealz.de; secure; httponly
< Set-Cookie: f_v=%22481d97ca-29a5-11ef-b7fd-0242ac110003%22; expires=Fri, 13 Jun 2025 16:52:12 GMT; Max-Age=31536000; path=/; domain=.mydealz.de; secure
< Set-Cookie: u_l=0; expires=Thu, 13 Jun 2024 17:07:12 GMT; Max-Age=900; path=/; domain=.mydealz.de; secure; httponly
< Set-Cookie: xsrf_t=%22NnJug5AKSBv22H2jw1qpShUKc03jYiOU1nZHfMXM%22; expires=Sat, 15 Jun 2024 03:52:12 GMT; Max-Age=126000; path=/; domain=.mydealz.de; secure; samesite=strict
< CF-Cache-Status: DYNAMIC
< Server: cloudflare
< CF-RAY: 893396fbcca0973e-FRA

Here I get the XML for the RSS feed
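
Added example (not part of the thread and not TT-RSS code): the difference between the two curl responses above can be checked mechanically, since `cf-mitigated: challenge` on the 403 marks a Cloudflare challenge page rather than a feed. The function names and the abridged sample headers are constructed for illustration.

```python
import re

# Constructed sample: a few header lines in `curl -v` format, abridged from
# the two responses quoted in the post above.
SERVER_RESPONSE = """\
< HTTP/1.1 403 Forbidden
< Content-Type: text/html; charset=UTF-8
< cf-mitigated: challenge
< Server: cloudflare
"""
MAC_RESPONSE = """\
< HTTP/1.1 200 OK
< Content-Type: text/xml; charset=UTF-8
< CF-Cache-Status: DYNAMIC
< Server: cloudflare
"""

def parse_curl_headers(verbose_output):
    """Return (status_code, headers) from the '< ' lines of `curl -v` output."""
    status, headers = None, {}
    for line in verbose_output.splitlines():
        if not line.startswith("< "):
            continue  # skip '* ' TLS/info lines and '> ' request lines
        line = line[2:].strip()
        m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", line)
        if m:
            status, headers = int(m.group(1)), {}  # new response (e.g. after a redirect)
        elif ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def classify(verbose_output):
    """Say why a feed fetch succeeded or failed, based on response headers only."""
    status, h = parse_curl_headers(verbose_output)
    if status is None:
        return "no-http-response"
    if h.get("cf-mitigated", "").lower() == "challenge":
        return "cloudflare-challenge"   # edge served a challenge page, not the feed
    if 200 <= status < 300:
        ctype = h.get("content-type", "").split(";")[0].strip().lower()
        return "feed-ok" if ctype.endswith("xml") else "ok-but-not-xml"
    if "cloudflare" in h.get("server", "").lower():
        return f"http-{status}-via-cloudflare"
    return f"http-{status}"

if __name__ == "__main__":
    print("server:", classify(SERVER_RESPONSE))
    print("mac:   ", classify(MAC_RESPONSE))
```
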

if either cloudflare itself or whoever owns the website doesn’t like your vds there isn’t really anything you could do.

think about it, if anyone could easily bypass ddos protections / wafs, what would be the point in them?

long time ago, we here used to suggest people passing problematic feeds through feedburner because people are normally not dumb enough to block google. however, i have no idea if feedburner is still a thing you could proxy rss feeds through.

Using feedburner seems to work, but i don’t know if this has any other drawbacks.

Thank you for your support! TT-RSS is really a great tool!