Hey guys,
Looking at my logs I see :
My logs are full of "PHP Warning: Undefined array key "HTTP_USER_AGENT""
Two possibilities
- There's a bug in some of the code where we grab / log user agents
- The client didn't have a user agent
Are these all from the same IP? Do you see the same error logs from your IP if login?
Hi,
The IP is actually mine from internal network (10.xx.xx.xx) and I'm using Chrome.
Looking on internet I see a lot of people reporting that kind of behavior with PHP 8.x
I'm not aware of anything regarding PHP changing the way they handle $_SERVER vars. We literally just pull $_SERVER['HTTP_USER_AGENT'])
I'm not seeing any errors like this for the demo. Are you using any privacy/security focused browser extensions that are changing your user agent?
Besides that, I remember your refer header issue was due to your custom Apache config, so might be worth looking there.
Indeed… Might come from there. I will investigate 
a month later
@qduchenne Did you ever work out the cause of this?
6 days later
Hey there ! Best wishes guys !
Not really actually. I thought it was what caused my instance to be REEEEEEALLY slow but it wasn't.
Slowliness was caused by a guy who tried to log 39K times on the client portal, causing the logs to be a bit… messy let's say. I blacklisted the IP in my FW (would be great to have some kind of "jail" in the app) and now it's snappy again
- Edited
qduchenne I'm not using fail2ban (yet) so i'm not sure… i think @wrongecho or @johnny should come in with more details on this
Also take a look at this thread https://forum.itflow.org/d/1104-ip-address-based-system-access
I think Fail2Ban based off access logs is probably the best solution.
The agent login does have a rate limit. We're planning on merging both login flows so they will both benefit from the login failure rate limit.