Artstation - [warning] Cloudfare challenge + HttpError: 403 Forbidden "(...URL...)/quick.json"

[spectrefps]

Since yesterday, Artstation has been producing the following errors for every art I've tried so far (including ones that worked in the past):

[artstation][warning] Cloudflare challenge
[artstation][error] HttpError: '403 Forbidden' for 'https://www.artstation.com/users/***NAME OF ARTIST***/quick.json

Some sample links that don't work now:

https://www.artstation.com/artwork/LRoGNr
https://www.artstation.com/artwork/YBwVG3
https://www.artstation.com/artwork/PXYWo3

At first, I thought it was something to do with a "Captcha" system, though I haven't had one appear for me on Artstation before (not even sure how to get a "Captcha"/"I'm not a robot" test to appear on artstation...). Could it be something as simple as that or is this pointing to something more serious?

Last topic of a similar issue was created 3 weeks ago, but gallery-dl was working fine for me on artstation until yesterday. Anyone else encountering these issues on artstation now?

[slewantoski]

Same problem for me but with Patreon:
[patreon][warning] Cloudflare challenge
[patreon][error] HttpError: '403 Forbidden' for 'https://www.patreon.com/posts/*indiviual-post*'

No problem opening the site in my browser.

Seems to me Cloudflare changed something.

[Erkhyan]

That 403 error has blocked me from downloading anything from Artstation for almost three weeks now.

[spectrefps]

That 403 error has blocked me from downloading anything from Artstation for almost three weeks now.

Perhaps this was a gradual "roll-out" sort of change? I haven't had any issues since 2 days ago. I hope they didn't completely block this (like they did with DeviantArt). This difference between the full-size vs the 'normal' size when downloading images from artstation is huge...

[mikf]

Changing the TLS fingerprint by disabling TLS 1.2 ciphers might work:

-o tls12=false

[spectrefps]

Changing the TLS fingerprint by disabling TLS 1.2 ciphers might work:

-o tls12=false

would I just insert this into the command-line like this?

gallery-dl -o tls12=false "https://www.artstation.com/artwork/YBwVG3"

or is that something I should change in the config.json file?

UPDATE: Adding " -o tls12=false " (without quotes) to the command-line works!!! :D

[mikf]

would I just insert this into the command-line like this?

Yes.

or is that something I should change in the config.json file?

That would work as well.

[spectrefps]

or is that something I should change in the config.json file?

That would work as well.

My appologies for all of these questions... what would that look like in the config.json file? I'm guessing that would have to go somewhere near the top (under "extractor") or should I only use it for specific sites (say, "artstation")?

Would this be it?

"tls12": false,

[Erkhyan]

"tls12": false,

I just tried this successfully. I put it in the config file’s Artstation section.

[vagabondshrimp]

Changing the TLS fingerprint by disabling TLS 1.2 ciphers might work:

-o tls12=false

gallery-dl -o tls12=false -v https://www.artstation.com/artwork/PX1WW4
[gallery-dl][debug] Version 1.27.0-dev:2024.05.28 - Executable (dev/windows)
[gallery-dl][debug] Python 3.12.3 - Windows-11-10.0.22631-SP0
[gallery-dl][debug] requests 2.32.2 - urllib3 2.2.1
[gallery-dl][debug] Configuration Files ['%APPDATA%\\gallery-dl\\config.json']
[gallery-dl][debug] Starting DownloadJob for 'https://www.artstation.com/artwork/PX1WW4'
[artstation][debug] Using ArtstationImageExtractor for 'https://www.artstation.com/artwork/PX1WW4'
[artstation][debug] TLS 1.2 disabled.
[cookies][debug] Extracting cookies from C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\default-release\cookies.sqlite
[cookies][info] Extracted 2974 cookies from Firefox
[urllib3.connectionpool][debug] Starting new HTTPS connection (1): www.artstation.com:443
[urllib3.connectionpool][debug] https://www.artstation.com:443 "GET /projects/PX1WW4.json HTTP/1.1" 403 None
[artstation][warning] '403 Forbidden' for 'https://www.artstation.com/projects/PX1WW4.json'
[urllib3.connectionpool][debug] https://www.artstation.com:443 "GET /users//quick.json HTTP/1.1" 403 None
[artstation][warning] Cloudflare challenge
[artstation][error] HttpError: '403 Forbidden' for 'https://www.artstation.com/users//quick.json'

Doesn't work for me. Is it possible this is on my end?

[spectrefps]

Changing the TLS fingerprint by disabling TLS 1.2 ciphers might work:

-o tls12=false

gallery-dl -o tls12=false -v https://www.artstation.com/artwork/PX1WW4
[gallery-dl][debug] Version 1.27.0-dev:2024.05.28 - Executable (dev/windows)
[gallery-dl][debug] Python 3.12.3 - Windows-11-10.0.22631-SP0
[gallery-dl][debug] requests 2.32.2 - urllib3 2.2.1
[gallery-dl][debug] Configuration Files ['%APPDATA%\\gallery-dl\\config.json']
[gallery-dl][debug] Starting DownloadJob for 'https://www.artstation.com/artwork/PX1WW4'
[artstation][debug] Using ArtstationImageExtractor for 'https://www.artstation.com/artwork/PX1WW4'
[artstation][debug] TLS 1.2 disabled.
[cookies][debug] Extracting cookies from C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\default-release\cookies.sqlite
[cookies][info] Extracted 2974 cookies from Firefox
[urllib3.connectionpool][debug] Starting new HTTPS connection (1): www.artstation.com:443
[urllib3.connectionpool][debug] https://www.artstation.com:443 "GET /projects/PX1WW4.json HTTP/1.1" 403 None
[artstation][warning] '403 Forbidden' for 'https://www.artstation.com/projects/PX1WW4.json'
[urllib3.connectionpool][debug] https://www.artstation.com:443 "GET /users//quick.json HTTP/1.1" 403 None
[artstation][warning] Cloudflare challenge
[artstation][error] HttpError: '403 Forbidden' for 'https://www.artstation.com/users//quick.json'

Doesn't work for me. Is it possible this is on my end?

Just tried it now (thought maybe the lack of " " around the image url might be stopping it) and it worked fine for me.

[mikf]

Doesn't work for me. Is it possible this is on my end?

• Try it without cookies
• Try specifying the list of cipher suites with the ciphers option directly. The list currently used can be found here.

[vagabondshrimp]

• Try it without cookies
• Try specifying the list of cipher suites with the ciphers option directly. The list currently used can be found here.

Tried them both, got the same error. Though I don't know if I did the ciphers option correctly. I just put it inside the artstation extractor in config like this:

"ciphers" : ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_256_GCM_SHA384", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA", "AES256-SHA"],

[mikf]

You did do it correctly.

I forgot to mention that you should change it (reorder, remove an entry, etc.) to get a different TLS fingerprint, since the current and tls12=false ones don't work.

You could also try different headers. The defaults can be found here.

It might also be the case that nothing except a real browser works for your IP range ...

[vagabondshrimp]

It might also be the case that nothing except a real browser works for your IP range ...

Yeah, I think that's it because I've just tried about everything now lol.

Thanks for the help though.

[Hrxn]

HTTP/2 required now?

[mikf]

HTTP version alone is not enough. curl-impersonate is what eventually needs to be supported, I think. Or maybe even a headless browser, but I'd like to avoid that if at all possible.

[mikf]

[gallery-dl][debug] requests 2.32.2 - urllib3 2.2.1

requests 2.32.2

requests 2.32 apparently had a bug where it was no longer possible "to specify custom SSLContexts in sub-classes of HTTPAdapter", which is what gallery-dl is doing. This got fixed in requests 2.32.3, but this version has a different issue (#5665). Downgrading to "requests<2.32" should help.