Ladder is a web proxy to help bypass paywalls. This is a selfhosted version of 1ft.io and 12ft.io. It is inspired by 13ft.
Freedom of information is an essential pillar of democracy and informed decision-making. While media organizations have legitimate financial interests, it is crucial to strike a balance between profitability and the public's right to access information. The proliferation of paywalls raises concerns about the erosion of this fundamental freedom, and it is imperative for society to find innovative ways to preserve access to vital information without compromising the sustainability of journalism. In a world where knowledge should be shared and not commodified, paywalls should be critically examined to ensure that they do not undermine the principles of an open and informed society.
Disclaimer: This project is intended for educational purposes only. The author does not endorse or encourage any unethical or illegal activity. Use this tool at your own risk.
- Bypass Paywalls
- Remove CORS headers from responses, assets, and images ...
- Apply domain based ruleset/code to modify response
- Keep site browsable
- API
- Fetch RAW HTML
- Custom User Agent
- Custom X-Forwarded-For IP
- Docker container (amd64, arm64)
- Linux binary
- Mac OS binary
- Windows binary (untested)
- Removes most of the ads (unexpected side effect ¯\_(ツ)_/¯ )
- Basic Auth
- Disable logs
- No Tracking
- Limit the proxy to a list of domains
- Expose Ruleset to other ladders
- Fetch from Google Cache
- Optional TOR proxy
- A key to share only one URL
Certain sites may display missing images or encounter formatting issues. This can be attributed to the site's reliance on JavaScript or CSS for image and resource loading, which presents a limitation when accessed through this proxy. If you prefer a full experience, please consider buying a subscription for the site.
Some sites do not expose their content to search engines, which means that the proxy cannot access the content. A future version will try to fetch the content from Google Cache.
Warning: If your instance will be publicly accessible, make sure to enable Basic Auth. This will prevent unauthorized users from using your proxy. If you do not enable Basic Auth, anyone can use your proxy to browse nasty/illegal stuff. And you will be responsible for it.
- Download binary here
- Unpack and run the binary
./ladder - Open Browser (Default: http://localhost:8080)
docker run -p 8080:8080 -d --name ladder ghcr.io/everywall/ladder:latestcurl https://raw.githubusercontent.com/everywall/ladder/main/docker-compose.yaml --output docker-compose.yaml
docker-compose up -dSee README.md in helm-chart sub-directory for more information.
- Open Browser (Default: http://localhost:8080)
- Enter URL
- Press Enter
Or direct by appending the URL to the end of the proxy URL: http://localhost:8080/https://www.example.com
Or create a bookmark with the following URL:
javascript:window.location.href="http://localhost:8080/"+location.hrefcurl -X GET "http://localhost:8080/api/https://www.example.com"http://localhost:8080/raw/https://www.example.com
| Variable | Description | Value |
|---|---|---|
PORT |
Port to listen on | 8080 |
PREFORK |
Spawn multiple server instances | false |
USER_AGENT |
User agent to emulate | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
X_FORWARDED_FOR |
IP forwarder address | 66.249.66.1 |
USERPASS |
Enables Basic Auth, format admin:123456 |
`` |
LOG_URLS |
Log fetched URL's | true |
DISABLE_FORM |
Disables URL Form Frontpage | false |
FORM_PATH |
Path to custom Form HTML | `` |
RULESET |
URL to a ruleset file | https://raw.githubusercontent.com/everywall/ladder/main/ruleset.yaml or /path/to/my/rules.yaml |
EXPOSE_RULESET |
Make your Ruleset available to other ladders | true |
ALLOWED_DOMAINS |
Comma separated list of allowed domains. Empty = no limitations | `` |
ALLOWED_DOMAINS_RULESET |
Allow Domains from Ruleset. false = no limitations | false |
ALLOWED_DOMAINS and ALLOWED_DOMAINS_RULESET are joined together. If both are empty, no limitations are applied.
It is possible to apply custom rules to modify the response. This can be used to remove unwanted or modify elements from the page. The ruleset is a YAML file that contains a list of rules for each domain and is loaded on startup
See in ruleset.yaml for an example.
- domain: example.com # Inbcludes all subdomains
domains: # Additional domains to apply the rule
- www.example.de
- www.beispiel.de
headers:
x-forwarded-for: none # override X-Forwarded-For header or delete with none
referer: none # override Referer header or delete with none
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
content-security-policy: script-src 'self'; # override response header
cookie: privacy=1
regexRules:
- match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
replace: <script $1 script="/https://www.example.com/$3"
injections:
- position: head # Position where to inject the code
append: | # possible keys: append, prepend, replace
<script>
window.localStorage.clear();
console.log("test");
alert("Hello!");
</script>
- domain: www.anotherdomain.com # Domain where the rule applies
paths: # Paths where the rule applies
- /article
googleCache: false # Use Google Cache to fetch the content
regexRules: # Regex rules to apply
- match: <script\s+([^>]*\s+)?src="(/)([^"]*)"
replace: <script $1 script="/https://www.example.com/$3"
injections:
- position: .left-content article .post-title # Position where to inject the code into DOM
replace: |
<h1>My Custom Title</h1>
- position: .left-content article # Position where to inject the code into DOM
prepend: |
<h2>Suptitle</h2>