Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Blocker Blocker
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Symfony
    • Labels:
      None

      Description

      Hi,

      Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

      The load was obivous and all the front server had a load around 75%

      The website displayed :

      Error 503 Backend fetch failed
      Backend fetch failedGuru Meditation:
      XID: 12288022Varnish cache server

      The log was writing :

      {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception
      BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

      {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception
      BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/News”}}

      {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception
      BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

      {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception
      BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Shopping”}}

      After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

      We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

      Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

      This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :

      Updating twig/extensions (v1.5.1 => v1.5.2)
      Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
      Updating google/recaptcha (1.1.3 => 1.2)
      Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
      symfony/symfony (v2.8.43 => v2.8.44)

      So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
      "symfony/symfony": "2.8.43"

      I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

      http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
      http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

      This change, lock to 2.8.43 solve our problem !!

      I will join the installed.json, before and after. I confirm no code modification !!

      It was in production mode with AWS / varnish, nginx

      1. installed.json.43
        334 kB
        H H
      2. installed.json.44
        334 kB
        H H

        Issue Links

          Activity

          H H created issue -
          H H made changes -
          Field Original Value New Value
          Description Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server

          The log was writing :
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          H H made changes -
          Attachment installed.json.43 [ 31271 ]
          Attachment installed.json.44 [ 31272 ]
          H H made changes -
          Description Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          André Rømcke made changes -
          Project Community Platforms [ 10801 ] eZ Publish / Platform [ 10401 ]
          Key COM-20052 EZP-29492
          Workflow Community Workflow [ 134396 ] EZEE Development Workflow [ 134397 ]
          Component/s Symfony [ 13841 ]
          Component/s Bundles [ 14048 ]
          Gunnstein Lye made changes -
          Description Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Shopping”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx



          Gunnstein Lye made changes -
          Description Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Shopping”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx



          Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Shopping”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx



          Hide
          Gunnstein Lye added a comment -

          (To the reporter: I have removed potentially private information from the issue description.)

          Show
          Gunnstein Lye added a comment - (To the reporter: I have removed potentially private information from the issue description.)
          Hide
          André Rømcke added a comment -

          In other reports of this issue, nested exception for this was ConflictingHeadersException. Is that what you are getting here H H? Or you only got logs for this with no further trace?

          Show
          André Rømcke added a comment - In other reports of this issue, nested exception for this was ConflictingHeadersException . Is that what you are getting here H H ? Or you only got logs for this with no further trace?
          André Rømcke made changes -
          Link This issue relates to CS-6917 [ CS-6917 ]
          André Rømcke made changes -
          Link This issue relates to EZP-29497 [ EZP-29497 ]
          Hide
          H H added a comment -

          Hi André,

          Yes it is the same Exception : ConflictingHeadersException

          In vendor\symfony\symfony\src\Symfony\Component\HttpKernel\HttpKernel.php line 60

          Show
          H H added a comment - Hi André, Yes it is the same Exception : ConflictingHeadersException In vendor\symfony\symfony\src\Symfony\Component\HttpKernel\HttpKernel.php line 60
          Hide
          André Rømcke added a comment -

          Ok, can you check if the following fix from Symfony team solves it?
          PR: https://github.com/symfony/symfony/pull/28144
          Merged: https://github.com/symfony/symfony/commit/6089290543bcc8dac5abe6db7e33e08166765020

          If so we can close this as solved in symfony in next patch release.

          Show
          André Rømcke added a comment - Ok, can you check if the following fix from Symfony team solves it? PR: https://github.com/symfony/symfony/pull/28144 Merged: https://github.com/symfony/symfony/commit/6089290543bcc8dac5abe6db7e33e08166765020 If so we can close this as solved in symfony in next patch release.

            People

            • Assignee:
              Unassigned
              Reporter:
              H H
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: