|
| 1 | +--- |
| 2 | +title: Python Scripts Making Microsoft Graph Requests Are Detected as Web Crawlers |
| 3 | +description: Provides solutions to an issue where Python Scripts might be detected as web crawlers when making Microsoft Graph requests. |
| 4 | +ms.date: 04/22/2025 |
| 5 | +ms.service: entra-id |
| 6 | +ms.custom: sap:Problem with using the Graph SDK - libraries |
| 7 | +ms.reviewer: daga, v-weizhu |
| 8 | +--- |
| 9 | +# Python scripts making Microsoft Graph requests are detected as web crawlers |
| 10 | + |
| 11 | +This article provides solutions to an issue where Python scripts might be detected as web crawlers when making Microsoft Graph requests. |
| 12 | + |
| 13 | +## Symptoms |
| 14 | + |
| 15 | +A Python script that makes a Microsoft Graph request might sometimes be detected by the gateway as web crawlers. If Python scripts use a pool manager, the following error message is returned when you block the request: |
| 16 | + |
| 17 | +```output |
| 18 | +{'error': {'code': 'UnknownError', 'message': '\r\n403 Forbidden\r\n\r\n |
| 19 | +403 Forbidden |
| 20 | +\r\n |
| 21 | +Microsoft-Azure-Application-Gateway/v2 |
| 22 | +\r\n\r\n\r\n', 'innerError': {'date': '{UTC Date/Time}', 'request-id': '{guid}', 'client-request-id': '{guid}'}}} |
| 23 | +``` |
| 24 | + |
| 25 | +## Cause |
| 26 | + |
| 27 | +The issue occurs because some Python scripts might not structure their requests in a way that conforms to the expected patterns. As a result, the gateway mistakenly identifies the requests as coming from a web crawler. |
| 28 | + |
| 29 | +## Solution |
| 30 | + |
| 31 | +To resolve this issue, use the [Microsoft Graph SDK for Python](https://github.com/microsoftgraph/msgraph-sdk-python-core). If you don't want to use it, structure your requests similarly to how the SDK handles them by using Python's `Session` object to send requests. |
| 32 | + |
| 33 | +Here's an example of how you can structure your requests manually: |
| 34 | + |
| 35 | +```python |
| 36 | +from requests import Request, Session |
| 37 | + |
| 38 | +def example_request(url): |
| 39 | + http = Session() |
| 40 | + req = Request('GET', url, headers=h) |
| 41 | + prepped = req.prepare() |
| 42 | + resp = http.send(prepped) |
| 43 | + return resp.json() |
| 44 | +``` |
| 45 | + |
| 46 | +> [!NOTE] |
| 47 | +> - The `User-Agent` string in the HTTP request header should be unique to your application or script, differentiating it from generic traffic. |
| 48 | +> - Including additional headers such as `Accept: application/json` can help clarify the intent of your request. |
| 49 | +> - Incorrectly identified as crawler traffic might result in throttling or other automated mitigations by Microsoft's backend systems. Properly identifying your client helps avoid these issues. |
| 50 | +
|
| 51 | +If you use a different HTTP client, ensure that similar headers are set appropriately. Refer to your HTTP client's documentation for customizing request headers. |
| 52 | + |
| 53 | +## More information |
| 54 | + |
| 55 | +For more guidance on best practices when using Microsoft Graph, see the following articles: |
| 56 | + |
| 57 | +- [Use the Microsoft Graph API](/graph/use-the-api) |
| 58 | +- [Microsoft Graph throttling guidance](/graph/throttling) |
| 59 | + |
| 60 | +[!INCLUDE [Azure Help Support](../../../includes/azure-help-support.md)] |
0 commit comments