Are you tired of encountering the dreaded Cloudflare captcha or being blocked from accessing a website altogether? If so, you’re not alone. Many web scrapers and automation tools have faced the same challenge when trying to bypass Cloudflare’s WAF (Web Application Firewall) protection.
Fortunately, there is a solution. In this article, we’ll show you how to bypass Cloudflare with Puppeteer, a popular Node.js library for web scraping and automation. We’ll also introduce you to a powerful tool called “穿云API” that can help you achieve your goals more easily and efficiently.
What is Cloudflare?
Before we dive into the specifics of bypassing Cloudflare with Puppeteer, let’s first take a moment to understand what Cloudflare is and why it can be such a headache for web scrapers and automation tools.
Cloudflare is a cloud-based security service that provides WAF protection, DDoS mitigation, and content delivery network (CDN) services to websites and web applications. It’s used by millions of websites worldwide, including some of the most popular and heavily trafficked sites on the internet.
When a user attempts to access a website that’s protected by Cloudflare, their request is first routed through Cloudflare’s servers. Cloudflare then performs a series of checks to determine whether the request is legitimate or not. If the request is deemed to be suspicious or malicious, Cloudflare will block it or present the user with a captcha to verify that they’re human.
Why is Cloudflare a Challenge for Web Scrapers and Automation Tools?
Web scrapers and automation tools can trigger Cloudflare’s WAF protection in a number of ways. For example, they may send too many requests in a short period of time, use an outdated or unsupported browser, or lack certain browser features or headers that Cloudflare expects to see.
When Cloudflare’s WAF protection is triggered, it can be very difficult to bypass. The captcha, in particular, is notoriously hard to solve programmatically, and many web scrapers and automation tools simply give up at this point.
Bypassing Cloudflare with Puppeteer
Puppeteer is a Node.js library that provides a high-level API for controlling headless or headful Chrome or Chromium browsers. It’s commonly used for web scraping, automation, and testing.
One of the advantages of using Puppeteer for web scraping and automation is that it can emulate a real user’s browser very closely. This can help to avoid triggering Cloudflare’s WAF protection in the first place.
Here are some tips for bypassing Cloudflare with Puppeteer:
- Use a Realistic User-Agent
Cloudflare checks the User-Agent header of incoming requests to determine whether they’re likely to be legitimate or not. Using a realistic User-Agent that matches the browser you’re emulating with Puppeteer can help to avoid triggering Cloudflare’s WAF protection.
Here’s an example of how to set the User-Agent in Puppeteer:
const puppeteer = require('puppeteer');
(async () => {
const browser = await puppeteer.launch();
const page = await browser.newPage();
await page.setUserAgent('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36');
await page.goto('https://example.com');
// ...
await browser.close();
})();- Enable Browser Features and Headers
Cloudflare expects to see certain browser features and headers in incoming requests. Enabling these features and headers in Puppeteer can help to avoid triggering Cloudflare’s WAF protection.
Here’s an example of how to enable browser features and headers in Puppeteer:
const puppeteer = require('puppeteer');
(async () => {
const browser = await puppeteer.launch({
args: [
'--enable-features=NetworkService,NetworkServiceInProcess',
],
});
const page = await browser.newPage();
await page.setExtraHTTPHeaders({
'Accept-Language': 'en-US,en;q=0.9',
});
await page.goto('https://example.com');
// ...
await browser.close();
})();In this example, we’re enabling the NetworkService and NetworkServiceInProcess features in Chrome, and setting the Accept-Language header to a realistic value.
- Slow Down Your Requests
Sending too many requests in a short period of time can trigger Cloudflare’s WAF protection. Slowing down your requests can help to avoid this.
Here’s an example of how to slow down your requests in Puppeteer:
const puppeteer = require('puppeteer');
(async () => {
const browser = await puppeteer.launch();
const page = await browser.newPage();
await page.goto('https://example.com', {
waitUntil: 'networkidle2',
timeout: 0,
});
await page.evaluate(() => {
// ...
});
await new Promise(resolve => setTimeout(resolve, 1000));
// ...
await browser.close();
})();In this example, we’re using the waitUntil and timeout options of the page.goto() method to wait for the page to fully load, and we’re using setTimeout() to introduce a delay between requests.
- Use a Proxy or IP Pool
Using a proxy or IP pool can help to avoid triggering Cloudflare’s WAF protection by distributing your requests across multiple IP addresses.
Here’s an example of how to use a proxy in Puppeteer:
const puppeteer = require('puppeteer');
(async () => {
const browser = await puppeteer.launch({
args: [
`--proxy-server=${process.env.PROXY_URL}`,
],
});
const page = await browser.newPage();
await page.goto('https://example.com');
// ...
await browser.close();
})();In this example, we’re using the --proxy-server command-line option to set the proxy URL.
Introducing 穿云API
While the tips we’ve provided can help to bypass Cloudflare with Puppeteer, they may not be sufficient in all cases. Cloudflare’s WAF protection is constantly evolving, and what works today may not work tomorrow.
That’s where 穿云API comes in. 穿云API is a powerful tool that can help you bypass Cloudflare’s WAF protection, Turnstile CAPTCHA, and 5-second shield with ease. It provides an HTTP API and a one-stop global dynamic data center/residential IP proxy service, including interface addresses, request parameters, and return processing. It also supports setting Referer, browser UA, and headless status, among other browser fingerprint device features.
Here’s an example of how to use 穿云API with Puppeteer:
const puppeteer = require('puppeteer');
const axios = require('axios');
(async () => {
const browser = await puppeteer.launch({
args: [
'--enable-features=NetworkService,NetworkServiceInProcess',
'--disable-features=IsolateOrigins,site-per-process',
],
});
const page = await browser.newPage();
const url = 'https://example.com';
const apiKey = process.env.THROUGH_CLOUD_API_KEY;
const apiUrl = `https://api.throughcloud.com/v1/http/get?url=${encodeURIComponent(
url
)}&api_key=${apiKey}`;
const response = await axios.get(apiUrl);
const content = response.data.content;
await page.setContent(content);
// ...
await browser.close();
})();In this example, we’re using the 穿云API HTTP API to fetch the content of a web page that’s protected by Cloudflare. We’re then using Puppeteer’s page.setContent() method to set the content of the page.
Conclusion
Bypassing Cloudflare’s WAF protection, Turnstile CAPTCHA, and 5-second shield can be a challenge for web scrapers and automation tools. However, by using Puppeteer to emulate a real user’s browser closely and following the tips we’ve provided, you can improve your chances of success.
For even better results, consider using 穿云API, a powerful tool that can help you bypass Cloudflare’s defenses with ease. With 穿云API, you can focus on your web scraping or automation tasks, without worrying about being blocked or slowed down by Cloudflare.