Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Blocker Blocker
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Symfony
    • Labels:
      None

      Description

      Hi,

      Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

      The load was obivous and all the front server had a load around 75%

      The website displayed :

      Error 503 Backend fetch failed
      Backend fetch failedGuru Meditation:
      XID: 12288022Varnish cache server

      The log was writing :

      {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception
      BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

      {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception
      BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/News”}}

      {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception
      BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

      {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception
      BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Shopping”}}

      After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

      We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

      Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

      This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :

      Updating twig/extensions (v1.5.1 => v1.5.2)
      Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
      Updating google/recaptcha (1.1.3 => 1.2)
      Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
      symfony/symfony (v2.8.43 => v2.8.44)

      So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
      "symfony/symfony": "2.8.43"

      I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

      http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
      http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

      This change, lock to 2.8.43 solve our problem !!

      I will join the installed.json, before and after. I confirm no code modification !!

      It was in production mode with AWS / varnish, nginx

      1. installed.json.43
        334 kB
        H H
      2. installed.json.44
        334 kB
        H H

        Issue Links

          Activity

          H H created issue -
          H H made changes -
          Field Original Value New Value
          Description Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server

          The log was writing :
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          H H made changes -
          Attachment installed.json.43 [ 31271 ]
          Attachment installed.json.44 [ 31272 ]
          H H made changes -
          Description Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          André Rømcke made changes -
          Project Community Platforms [ 10801 ] eZ Publish / Platform [ 10401 ]
          Key COM-20052 EZP-29492
          Workflow Community Workflow [ 134396 ] EZEE Development Workflow [ 134397 ]
          Component/s Symfony [ 13841 ]
          Component/s Bundles [ 14048 ]
          Gunnstein Lye made changes -
          Description Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“rondinelle.klepierre.it”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“gran-turia.klepierre.es”,“url”:“\/Tiendas\/Mayoral”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/space\/www\/www.klepierre.fr\/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“st-lazare-paris.klepierre.fr”,“url”:“\/Shopping\/Boutiques-SNCF”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx for all klepierre mall website in europe



          Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Shopping”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx



          Gunnstein Lye made changes -
          Description Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“emporia.steenstrom.se”,“url”:“\/Restauranger\/Lilla-Glassfabriken”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Shopping”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx



          Hi,

          Yesterday after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the varnish cache begin to regenerate.

          The load was obivous and all the front server had a load around 75%

          The website displayed :
          {quote}
          Error 503 Backend fetch failed
          Backend fetch failedGuru Meditation:
          XID: 12288022Varnish cache server
          {quote}

          The log was writing :
          {quote}
          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/News”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Example”}}

          {“timestamp”:1533144034,“channel”:“request”,“message”:“Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \“The request headers contain conflicting information regarding the origin of this request.\” at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60",“level”:“ERROR”,“context”:{“exception”:{}},“extra”:{“host”:“example.com”,“url”:“\/Shopping”}}
          {quote}

          After some code verification we didn't understand because we made a little modification and no impact on controller ... purge all image cache on varnish but can't make the server down

          We did not think about composer update ... after 1h30 of unavailable service, stoping cron, trying other deploy for older git commit, the problem was still here.

          Lucky because we manage release include vendor, so we made a rollback from 27 july, and after it was OK.

          This morning the capistrano script purge our release '( so file not found. I was looking in my dev environnement to check what happend in composer, i saw this update :
          {quote}
          Updating twig/extensions (v1.5.1 => v1.5.2)
          Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
          Updating google/recaptcha (1.1.3 => 1.2)
          Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
          symfony/symfony (v2.8.43 => v2.8.44)
          {quote}

          So as our rollback was delete, no choice we have to deploy again the same code, but only with composer.json change :
          "symfony/symfony": "2.8.43"

          I was not sur but when i receive the message of Robin Muilwijk. And i saw http header problem, i think thats' for me !!!

          http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
          http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

          This change, lock to 2.8.43 solve our problem !!

          I will join the installed.json, before and after. I confirm no code modification !!

          It was in production mode with AWS / varnish, nginx



          André Rømcke made changes -
          Link This issue relates to CS-6917 [ CS-6917 ]
          André Rømcke made changes -
          Link This issue relates to EZP-29497 [ EZP-29497 ]

            People

            • Assignee:
              Unassigned
              Reporter:
              H H
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: