Details

    • Type: Bug
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Symfony
    • Labels:
      None

      Description

      Hi,

      Yesterday, after a code deploy on production using composer update, we had a lot of trouble around 17H30 when the Varnish cache began to regenerate.

      The load was obvious, and all the front servers had a load around 75%.

      The website displayed :

      Error 503 Backend fetch failed
      Backend fetch failed
      Guru Meditation:
      XID: 12288022
      Varnish cache server

      The log was writing :

      {"timestamp":1533144034,"channel":"request","message":"Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \"The request headers contain conflicting information regarding the origin of this request.\" at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60","level":"ERROR","context":{"exception":{}},"extra":{"host":"example.com","url":"\/Example"}}

      {"timestamp":1533144034,"channel":"request","message":"Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \"The request headers contain conflicting information regarding the origin of this request.\" at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60","level":"ERROR","context":{"exception":{}},"extra":{"host":"example.com","url":"\/News"}}

      {"timestamp":1533144034,"channel":"request","message":"Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \"The request headers contain conflicting information regarding the origin of this request.\" at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60","level":"ERROR","context":{"exception":{}},"extra":{"host":"example.com","url":"\/Example"}}

      {"timestamp":1533144034,"channel":"request","message":"Uncaught PHP Exception Symfony\\Component\\HttpKernel\\Exception\\BadRequestHttpException: \"The request headers contain conflicting information regarding the origin of this request.\" at \/data\/vendor_cache_20180801170356\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpKernel.php line 60","level":"ERROR","context":{"exception":{}},"extra":{"host":"example.com","url":"\/Shopping"}}

      After some code verification we didn't understand, because we had made a small modification with no impact on the controller ... purge all image cache on Varnish, but that can't bring the server down.

      We did not think about composer update ... after 1h30 of unavailable service, stopping cron, and trying other deploys of older git commits, the problem was still there.

      Luckily, our managed releases include vendor, so we made a rollback from 27 July, and after that it was OK.

      This morning the Capistrano script purged our release :'( so the files were not found. I looked in my dev environment to check what happened in composer, and I saw this update:

      Updating twig/extensions (v1.5.1 => v1.5.2)
      Updating swiftmailer/swiftmailer (v5.4.9 => v5.4.12)
      Updating google/recaptcha (1.1.3 => 1.2)
      Updating guzzlehttp/ringphp (1.1.0 => 1.1.1)
      symfony/symfony (v2.8.43 => v2.8.44)

      So, as our rollback was deleted, we had no choice: we had to deploy the same code again, but only with this composer.json change:
      "symfony/symfony": "2.8.43"

      I was not sure, but when I received the message from Robin Muilwijk and saw the HTTP header problem, I thought: that's for me!!!

      http://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
      http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

      This change, locking to 2.8.43, solved our problem!!

      I will attach the installed.json, before and after. I confirm no code modification!!

      It was in production mode with AWS / varnish, nginx

      1. installed.json.43
        334 kB
        H H
      2. installed.json.44
        334 kB
        H H
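
An added example, not part of the original report or of Symfony's or Composer's own code: one way to compare the two installed.json files after a `composer update`, listing every package whose version changed and the exact constraints that pin the earlier versions. The sample data is constructed from the update list in the report (not the real attachments), `example/unchanged` is a made-up package, and the script also accepts the Composer 2 file layout, which goes beyond the report's setup.

```python
import json

# Constructed samples: versions come from the update list in the report,
# not from the attached installed.json files. "example/unchanged" is made up.
BEFORE = json.dumps([  # Composer 1 layout: a bare list of packages
    {"name": "symfony/symfony", "version": "v2.8.43"},
    {"name": "twig/extensions", "version": "v1.5.1"},
    {"name": "google/recaptcha", "version": "1.1.3"},
    {"name": "example/unchanged", "version": "1.0.0"},
])
AFTER = json.dumps({"packages": [  # Composer 2 layout: list under "packages"
    {"name": "symfony/symfony", "version": "v2.8.44"},
    {"name": "twig/extensions", "version": "v1.5.2"},
    {"name": "google/recaptcha", "version": "1.2"},
    {"name": "example/unchanged", "version": "1.0.0"},
]})


def load_packages(text):
    """Map package name -> installed version from installed.json text."""
    data = json.loads(text)
    packages = data["packages"] if isinstance(data, dict) else data
    return {p["name"]: p["version"] for p in packages}


def diff_installed(before_text, after_text):
    """List (kind, name, old, new) for every package whose version differs."""
    before, after = load_packages(before_text), load_packages(after_text)
    changes = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name), after.get(name)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "updated"
            changes.append((kind, name, old, new))
    return changes


def pin_constraints(changes):
    """Exact composer.json constraints restoring the 'before' versions."""
    def bare(v):  # "v2.8.43" -> "2.8.43"; leave "dev-master" style names alone
        return v[1:] if v[:1] == "v" and v[1:2].isdigit() else v
    return {name: bare(old) for kind, name, old, _ in changes if kind != "added"}


if __name__ == "__main__":
    changes = diff_installed(BEFORE, AFTER)
    for kind, name, old, new in changes:
        print(f"{kind:8} {name}: {old} => {new}")
    print(json.dumps({"require": pin_constraints(changes)}, indent=4))
```

Pinning only the package under suspicion, as the report does with `symfony/symfony`, keeps the other updates in place while the regression is investigated.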

            People

            • Assignee:
              Unassigned
              Reporter:
              H H