Cool! it works. Thank You!
What does the CURLOPT_SSL_ENABLE_ALPN parameter mean? Without it, as I understand it, this won’t work? and why "Disabling ALPN feels slightly hacky "?
ALPN lets a client and server determine which HTTP protocol to use on a new connection very early in the process-- meaning it makes things more efficient, which is a good thing.
DDoS Guard (which is in front of that website) is apparently using information sent during ALPN, among other factors, to profile clients. For some unknown reason DDoS Guard doesn’t like what gets sent by libcurl on the new container image, and triggers the “checking browser” process you mentioned.
Setting CURLOPT_SSL_ENABLE_ALPN to false means ALPN won’t be used, so its information won’t be available to DDoS Guard. This currently allows the request to go through without triggering DDoS protection, however that might change. This workaround should not be necessary, since it should be expected that various non-browser clients would request Atom/RSS feeds.
Thanks for clarifying