The HTTP Cache, when turned on, uses the following URL for internal hash lookup request: /_fos_user_context_hash. In a case when the main request has the siteaccess that was matched using the Map/URI Matcher, first few characters (as many as the Matcher key has, e.g. "pol" => 3 characters) are removed from the beginning of the internal request URL, resulting in invalid URL (e.g. "s_user_context_hash"). This shorter, invalid URL is not matched against any route for obvious reasons and is returning a 404 response.

Steps to reproduce

1. Create new eZ Platform installation.
2. Log in to the PlatformUI. Go to "Admin panel"/"Languages". Create new language there (e.g. "pol-PL").
3. In the PlatformUI, go to "Content"/"Content structure". There, translate the "eZ Platform" folder to the other language.
4. In the file app/config/ezplatform.yml, change the siteaccess configuration to this (example for "pol_PL" language):

   ezpublish:
       # Repositories configuration, setup default repository to support solr if enabled
       repositories:
           default:
               storage: ~
               search:
                   engine: "%search_engine%"
                   connection: default
   
       # Siteaccess configuration, with one siteaccess per default
       siteaccess:
           list: [site, site_pol]
           groups:
               site_group: [site, site_pol]
           default_siteaccess: site
           match:
               Map\URI:
                   pol: site_pol
   
       # System settings, grouped by siteaccess and/or siteaccess group
       system:
           site_group:
               # Pool to use for cache, needs to be different per repository (database).
               cache_pool_name: '%cache_pool%'
               # These reflect the current installers, complete installation before you change them. For changing var_dir
               # it is recommended to install clean, then change setting before you start adding binary content, otherwise you'll
               # need to manually modify your database data to reflect this to avoid exceptions.
               var_dir: var/site
               # System languages. Note that by default, content, content types, and other data are in eng-GB locale,
               # so removing eng-GB from this list may lead to errors or content not being shown, unless you change
               # all eng-GB data to other locales first.
               # HttpCache purge server(s) setting, eg Varnish, for when ezpublish.http_cache.purge_type is set to 'http'.
               http_cache:
                   purge_servers: ["%purge_server%"]
           site:
               languages: [eng-GB]
           site_pol:
               languages: [pol-PL]
   

5. In the file app/config/config_prod.yml, change the action_level key from critical to error.
6. In the PlatformUI, go to "Admin panel"/"Roles"/"Anonymous". Edit user/login/siteaccess Limitation there and add the second siteaccess to it.
7. Clean your cookies (or use incognito mode) and go to "your-site.prod/pol" URL (example for configuration above). Make sure to use the production environment for this request. After accessing it, you will see the following in your production logs:

   [2017-08-22 09:04:36] app.DEBUG: Router eZ\Bundle\EzPublishCoreBundle\Routing\DefaultRouter was not able to match, message "" [] []
   [2017-08-22 09:04:36] app.DEBUG: Router eZ\Bundle\EzPublishCoreBundle\Routing\UrlAliasRouter was not able to match, message "Could not find 'URLAlias' with identifier 's_user_context_hash'" [] []
   [2017-08-22 09:04:36] request.ERROR: Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\NotFoundHttpException: "No route found for "GET /_fos_user_context_hash"" at C:\Apache24\htdocs\ezplatform\vendor\symfony\symfony\src\Symfony\Component\HttpKernel\EventListener\RouterListener.php line 176 {"exception":"[object] (Symfony\\Component\\HttpKernel\\Exception\\NotFoundHttpException(code: 0): No route found for \"GET /_fos_user_context_hash\" at C:\\Apache24\\htdocs\\ezplatform\\vendor\\symfony\\symfony\\src\\Symfony\\Component\\HttpKernel\\EventListener\\RouterListener.php:176, Symfony\\Component\\Routing\\Exception\\ResourceNotFoundException(code: 0): None of the routers in the chain matched this request\nGET /_fos_user_context_hash HTTP/1.1\r\nAccept:                    application/vnd.fos.user-context-hash\r\nAccept-Charset:            ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\nAccept-Encoding:           gzip, deflate\r\nAccept-Language:           pl-PL,pl;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2,ru;q=0.2\r\nAuthorization:             \r\nConnection:                close\r\nHost:                      ezplatform.prod\r\nSurrogate-Capability:      symfony2=\"ESI/1.0\"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent:                Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36\r\nX-Forwarded-For:           127.0.0.1\r\nX-Php-Ob-Level:            1\r\n\r\n at C:\\Apache24\\htdocs\\ezplatform\\vendor\\symfony-cmf\\routing\\ChainRouter.php:207)"} []
   [2017-08-22 09:04:36] app.DEBUG: Router eZ\Bundle\EzPublishCoreBundle\Routing\DefaultRouter was not able to match, message "" [] []
   [2017-08-22 09:04:36] app.INFO: UrlAlias matched location #2. Forwarding to ViewController [] []
   [2017-08-22 09:04:36] request.INFO: Matched route "ez_urlalias". {"route_parameters":{"_route":"ez_urlalias","_controller":"ez_content:viewAction","contentId":1,"locationId":"2","viewType":"full","layout":true},"request_uri":"http://ezplatform.prod/pol"} []
   [2017-08-22 09:04:36] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
   [2017-08-22 09:04:36] app.DEBUG: Router eZ\Bundle\EzPublishCoreBundle\Routing\DefaultRouter was unable to generate route. Reason: 'Route 'ez_urlalias' not found': Unable to generate a URL for the named route "ez_urlalias" as such route does not exist. [] []
   

Side note: it is possible that other Siteaccess Matchers are also causing this behaviour, but in another manner. The solution should ideally solve the problem for all of them.