github-starred/cobalt
2
0
Fork 0
mirror of https://github.com/imputnet/cobalt.git synced 2026-05-22 14:24:23 -05:00
Code Issues 1.9k Packages Projects Releases Wiki Activity

API access via Tor exit nodes restricted by Cloudflare challenge #333

New Issue
Closed
opened 2025-11-09 09:46:34 -06:00 by GiteaMirror · 5 comments
GiteaMirror commented 2025-11-09 09:46:34 -06:00
Owner
Copy Link

Originally created by @barkoder on GitHub (Jun 30, 2024).

bug description

Tor exit nodes completely blocked. Cloudflare challenge.

reproduction steps

Steps to reproduce the described behavior.

$ url=https://www.youtube.com/watch?v=2uqcdh81a4c
curl -s -q -x socks5h://127.0.0.1:9050 'https://api.cobalt.tools/api/json' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data \
"{\"url\": \"$url\",
\"aFormat\": \"opus\",
\"isAudioOnly\": true}"

Isn't rate limiting a given exit node IP sufficient? Because CF challenges are a pain!

Thanks!

Originally created by @barkoder on GitHub (Jun 30, 2024). ### bug description Tor exit nodes completely blocked. Cloudflare challenge. ### reproduction steps Steps to reproduce the described behavior. $ url=https://www.youtube.com/watch?v=2uqcdh81a4c curl -s -q -x socks5h://127.0.0.1:9050 'https://api.cobalt.tools/api/json' \ --header 'Accept: application/json' \ --header 'Content-Type: application/json' \ --data \ "{\"url\": \"$url\", \"aFormat\": \"opus\", \"isAudioOnly\": true}" Isn't rate limiting a given exit node IP sufficient? Because CF challenges are a pain! Thanks!
GiteaMirror added the main instance issue label 2025-11-09 09:46:34 -06:00
GiteaMirror commented 2025-11-09 09:46:35 -06:00
Author
Owner
Copy Link

@ihatespawn commented on GitHub (Jun 30, 2024):

image
works for me, there were no challenges or anything

@ihatespawn commented on GitHub (Jun 30, 2024): ![image](https://github.com/imputnet/cobalt/assets/168680471/2d0b4c91-c278-443c-a0f1-ce331810c866) works for me, there were no challenges or anything
GiteaMirror commented 2025-11-09 09:46:35 -06:00
Author
Owner
Copy Link

@ihatespawn commented on GitHub (Jun 30, 2024):

also, what do you need to use tor for

@ihatespawn commented on GitHub (Jun 30, 2024): also, what do you need to use tor for
GiteaMirror commented 2025-11-09 09:46:35 -06:00
Author
Owner
Copy Link

@barkoder commented on GitHub (Jun 30, 2024):

@ihatespawn Access to the main instance's API through command line over Tor is blocked. Not through Tor Browser Bundle.

Issue title changed to make it more obvious.

@barkoder commented on GitHub (Jun 30, 2024): @ihatespawn Access to the main instance's API through command line over Tor is blocked. Not through Tor Browser Bundle. Issue title changed to make it more obvious.
GiteaMirror commented 2025-11-09 09:46:35 -06:00
Author
Owner
Copy Link

@wukko commented on GitHub (Jul 1, 2024):

tor through command line is suspicious enough for cloudflare to block it, and i kind of understand why. i will not do any changes to security level to prevent abuse, but i'll wait for @dumbmoron's opinion before closing the issue.

@wukko commented on GitHub (Jul 1, 2024): tor through command line is suspicious enough for cloudflare to block it, and i kind of understand why. i will not do any changes to security level to prevent abuse, but i'll wait for @dumbmoron's opinion before closing the issue.
GiteaMirror commented 2025-11-09 09:46:36 -06:00
Author
Owner
Copy Link

@dumbmoron commented on GitHub (Jul 1, 2024):

i'm ok with cloudflare serving a challenge to tor users, because:

  • if you are using it in the browser, then it will be able to (eventually.. :/) solve it, and then you can access the API
  • otherwise, if you need to use it via command line tools, it might indicate that you are automating something to some degree, and it might beg the question whether using Tor for it is a good idea
  • from our perspective, by using tor you effectively gain access to a pool of around 7000 IPs for free, which, had it not been for the cloudflare challenge, could be used to DDoS cobalt trivially
@dumbmoron commented on GitHub (Jul 1, 2024): i'm ok with cloudflare serving a challenge to tor users, because: - if you are using it in the browser, then it will be able to (eventually.. :/) solve it, and then you can access the API - otherwise, if you need to use it via command line tools, it might indicate that you are automating something to some degree, and it might beg the question whether using Tor for it is a good idea - from our perspective, by using tor you effectively gain access to a pool of [around 7000 IPs](https://metrics.torproject.org/relayflags.html) for free, which, had it not been for the cloudflare challenge, could be used to DDoS cobalt trivially
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
3rd party app support
bug
can reproduce
can't reproduce
documentation
duplicate
feature request
help wanted
instance hosting help
invalid
main instance issue
need more info
needs fixing
next major
not an issue
pull-request
Mirrored from GitHub Pull Request
 question
region lock issue
security
service request
skill issue
web ui
No Label main instance issue
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/cobalt#333
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?