  1. eZ Publish / Platform
  2. EZP-29492

BadRequestHttpException

    Details

    • Type: Bug
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Symfony
    • Labels:
      None

      Description

      Hi,

      Yesterday, after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the Varnish cache began to regenerate.

      The load was obvious and all the front servers had a load around 75%.

      The website displayed:

      Error 503 Backend fetch failed
      Backend fetch failed
      Guru Meditation:
      XID: 12288022
      Varnish cache server

      The log was writing:

      {"timestamp":1533144034,"channel":"request","message":"Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \"The request headers contain conflicting information regarding the origin of this request.\" at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60","level":"ERROR","context":{"exception":{}},"extra":{"host":"example.com","url":"\/Example"}}

      {"timestamp":1533144034,"channel":"request","message":"Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \"The request headers contain conflicting information regarding the origin of this request.\" at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60","level":"ERROR","context":{"exception":{}},"extra":{"host":"example.com","url":"\/News"}}

      {"timestamp":1533144034,"channel":"request","message":"Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \"The request headers contain conflicting information regarding the origin of this request.\" at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60","level":"ERROR","context":{"exception":{}},"extra":{"host":"example.com","url":"\/Example"}}

      {"timestamp":1533144034,"channel":"request","message":"Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \"The request headers contain conflicting information regarding the origin of this request.\" at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60","level":"ERROR","context":{"exception":{}},"extra":{"host":"example.com","url":"\/Shopping"}}

      After some code verification we didn't understand, because we made a little modification with no impact on the controller ... purge all image cache on Varnish, but that can't make the server go down.

      We did not think about composer update ... after 1h30 of unavailable service, stopping cron, and trying other deploys of older git commits, the problem was still here.

      Luckily, because we manage releases that include vendor, we made a rollback from 27 July, and after that it was OK.

      This morning the Capistrano script purged our release :'( so the files were not found. I looked in my dev environment to check what happened in composer, and I saw this update:

      Updating twig/extensions (v1.5.1 => v1.5.2)
      Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
      Updating google/recaptcha (1.1.3 => 1.2)
      Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
      symfony/symfony (v2.8.43 => v2.8.44)

      So as our rollback was deleted, we had no choice: we had to deploy the same code again, but with only this composer.json change:
      "symfony/symfony": "2.8.43"

      I was not sure, but then I received the message from Robin Muilwijk and saw the HTTP header problem, and I think that's for me!!!

      http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
      http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

      This change, locking to 2.8.43, solved our problem!!

      I will attach the installed.json, before and after. I confirm there was no code modification!!

      It was in production mode with AWS / varnish, nginx

              People

              Assignee:
              Unassigned
              Reporter:
              hadidas H H