- Server operating system version
- Ubuntu 24.04
- Plesk version and microupdate number
- 18.0.76 Update 1
The bot protection rule lists "python-requests" in its user agent blocklist. This is far too broad as python-requests is a generic Python HTTP library used by countless legitimate applications: open data portals (CKAN), monitoring tools, data integrations, government services, etc.
In our case, organization uses CKAN with python-requests to fetch public data from our API, and it was silently getting 403 responses. The endpoint has permission_callback => __return_true — it's intentionally public — but bot protection was blocking it at the Nginx level.
The other entries in the blocklist (acunetix, nikto, AhrefsBot, SemrushBot, etc.) are specific bad actors and fair game. But python-requests is equivalent to blocking curl or wget — you're blocking the tool, not a specific bad actor.
I think, Plesk should remove python-requests from this list. A legitimate bot protection rule should target known malicious user agents, not generic HTTP libraries.
Current list:
acunetix
BLEXBot
domaincrawler.com
LinkpadBot
MJ12bot/v
majestic12.co.uk
AhrefsBot
TwengaBot
SemrushBot
nikto
winhttp
Xenu Link Sleuth
Baiduspider
HTTrack
clshttp
harvest
extract
grab
miner
python-requests
In our case, organization uses CKAN with python-requests to fetch public data from our API, and it was silently getting 403 responses. The endpoint has permission_callback => __return_true — it's intentionally public — but bot protection was blocking it at the Nginx level.
The other entries in the blocklist (acunetix, nikto, AhrefsBot, SemrushBot, etc.) are specific bad actors and fair game. But python-requests is equivalent to blocking curl or wget — you're blocking the tool, not a specific bad actor.
I think, Plesk should remove python-requests from this list. A legitimate bot protection rule should target known malicious user agents, not generic HTTP libraries.
Current list:
acunetix
BLEXBot
domaincrawler.com
LinkpadBot
MJ12bot/v
majestic12.co.uk
AhrefsBot
TwengaBot
SemrushBot
nikto
winhttp
Xenu Link Sleuth
Baiduspider
HTTrack
clshttp
harvest
extract
grab
miner
python-requests