<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Roberto Kerber</title>
    <description>The latest articles on DEV Community by Roberto Kerber (@robertokerber).</description>
    <link>https://dev.to/robertokerber</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4001211%2F5677c2cc-874c-4a07-b388-de599999ce51.jpg</url>
      <title>DEV Community: Roberto Kerber</title>
      <link>https://dev.to/robertokerber</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/robertokerber"/>
    <language>en</language>
    <item>
      <title>Scraping OLX and the marketplaces that block datacenter IPs</title>
      <dc:creator>Roberto Kerber</dc:creator>
      <pubDate>Sun, 28 Jun 2026 08:56:45 +0000</pubDate>
      <link>https://dev.to/robertokerber/scraping-olx-and-the-marketplaces-that-block-datacenter-ips-2cl</link>
      <guid>https://dev.to/robertokerber/scraping-olx-and-the-marketplaces-that-block-datacenter-ips-2cl</guid>
      <description>&lt;p&gt;Most "just use a scraping library" tutorials quietly assume the site lets you in. Classified-ad marketplaces like OLX don't. Here's what actually worked for me in 2026, including the two-layer block that ate a full day of my life.&lt;/p&gt;

&lt;h2&gt;
  
  
  Datacenter IPs get nothing
&lt;/h2&gt;

&lt;p&gt;OLX Brazil embeds its listings in a Next.js &lt;code&gt;__NEXT_DATA__&lt;/code&gt; JSON blob. Easy to parse - if you can fetch the page. From any cloud IP you get an empty response or a challenge. It turned out to be two separate blocks stacked:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Datacenter IP filtering&lt;/strong&gt; - most cloud ranges are blocked outright.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;TLS fingerprinting&lt;/strong&gt; - even from a residential IP, a vanilla Python &lt;code&gt;requests&lt;/code&gt; handshake gets flagged as a bot.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;You have to beat both, and I wasted hours assuming it was just one.&lt;/p&gt;

&lt;h2&gt;
  
  
  Fix 1: impersonate a real browser's TLS
&lt;/h2&gt;

&lt;p&gt;&lt;code&gt;curl_cffi&lt;/code&gt; mimics Chrome's actual TLS fingerprint:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight python"&gt;&lt;code&gt;&lt;span class="kn"&gt;from&lt;/span&gt; &lt;span class="n"&gt;curl_cffi&lt;/span&gt; &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="n"&gt;requests&lt;/span&gt; &lt;span class="k"&gt;as&lt;/span&gt; &lt;span class="n"&gt;cffi_requests&lt;/span&gt;

&lt;span class="k"&gt;def&lt;/span&gt; &lt;span class="nf"&gt;fetch&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;url&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;timeout&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="mi"&gt;30&lt;/span&gt;&lt;span class="p"&gt;):&lt;/span&gt;
    &lt;span class="n"&gt;r&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;cffi_requests&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nf"&gt;get&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;url&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;impersonate&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="s"&gt;chrome&lt;/span&gt;&lt;span class="sh"&gt;"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;timeout&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="n"&gt;timeout&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
    &lt;span class="k"&gt;return&lt;/span&gt; &lt;span class="n"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;status_code&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;r&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;text&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;That alone gets you past the fingerprint check - but not the IP block.&lt;/p&gt;

&lt;h2&gt;
  
  
  Fix 2: egress through a residential IP
&lt;/h2&gt;

&lt;p&gt;The trick still fails from a datacenter. My setup: a small FastAPI service running on a residential connection that does the actual fetch, exposed over HTTPS with an API key. The cloud-side code is a thin proxy that calls it. Datacenter-only competitors simply can't reach the data.&lt;/p&gt;

&lt;h2&gt;
  
  
  The part nobody documents: OLX EU is a different stack
&lt;/h2&gt;

&lt;p&gt;OLX Brazil uses the Next.js &lt;code&gt;__NEXT_DATA__&lt;/code&gt; approach. But OLX's European sites - Portugal, Poland, Romania, Bulgaria, Ukraine, Kazakhstan - run a completely different platform with a clean public JSON API:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;https://www.olx.pt/api/v1/offers/?query=iphone&amp;amp;offset=0&amp;amp;limit=40
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;One parser covers all six countries. The lesson that cost me time: never assume a brand's regional sites share a backend. Probe the real response before writing the parser.&lt;/p&gt;

&lt;h2&gt;
  
  
  Making it actually useful
&lt;/h2&gt;

&lt;p&gt;A one-off scrape is noise. The value is on a schedule: cron a category every morning, diff against yesterday's listings, and push price drops to Slack or email through Make or n8n. That turns it into an automated deal-finder instead of a thing you run by hand.&lt;/p&gt;

&lt;p&gt;I packaged both into ready-to-run actors if you'd rather not host the residential side yourself (free tier covers testing):&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;OLX Europe (PT/PL/RO/BG/UA/KZ): &lt;a href="https://apify.com/plum_spear/aztec-olx-eu" rel="noopener noreferrer"&gt;https://apify.com/plum_spear/aztec-olx-eu&lt;/a&gt;
&lt;/li&gt;
&lt;li&gt;OLX Brazil: &lt;a href="https://apify.com/plum_spear/aztec-olx" rel="noopener noreferrer"&gt;https://apify.com/plum_spear/aztec-olx&lt;/a&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Happy to go deeper on the residential-egress setup in the comments - that was the part that took the longest to get right.&lt;/p&gt;

</description>
      <category>tutorial</category>
    </item>
  </channel>
</rss>
