My logs are full of "PHP Warning: Undefined array key "HTTP_USER_AGENT""

qduchenne

Hey guys,

Looking at my logs I see :

wrongecho

Two possibilities

There's a bug in some of the code where we grab / log user agents
The client didn't have a user agent

Are these all from the same IP? Do you see the same error logs from your IP if login?

qduchenne

Hi,

The IP is actually mine from internal network (10.xx.xx.xx) and I'm using Chrome.

qduchenne

Looking on internet I see a lot of people reporting that kind of behavior with PHP 8.x

wrongecho

I'm not aware of anything regarding PHP changing the way they handle $_SERVER vars. We literally just pull $_SERVER['HTTP_USER_AGENT'])

I'm not seeing any errors like this for the demo. Are you using any privacy/security focused browser extensions that are changing your user agent?

Besides that, I remember your refer header issue was due to your custom Apache config, so might be worth looking there.

qduchenne

Indeed… Might come from there. I will investigate 🙂

wrongecho

@qduchenne Did you ever work out the cause of this?

qduchenne

Hey there ! Best wishes guys ! 🙂

Not really actually. I thought it was what caused my instance to be REEEEEEALLY slow but it wasn't.

Slowliness was caused by a guy who tried to log 39K times on the client portal, causing the logs to be a bit… messy let's say. I blacklisted the IP in my FW (would be great to have some kind of "jail" in the app) and now it's snappy again 🙂

Bigbug

qduchenne

https://docs.itflow.org/fail2ban

Bigbug

qduchenne When you say "guy" are you referring to your client? or some stranger/bot?

if it's a bot follow the instructions to setup fail2ban

additionally you can put it behind Cloudflare

qduchenne

Bigbug I mean some stranger/bot.

Thanks 🙂 I thought Fail2Ban was only for SSH. Looks like I still have things to learn 🥳

Bigbug

qduchenne I'm not using fail2ban (yet) so i'm not sure… i think @wrongecho or @johnny should come in with more details on this

Also take a look at this thread https://forum.itflow.org/d/1104-ip-address-based-system-access

wrongecho

I think Fail2Ban based off access logs is probably the best solution.

The agent login does have a rate limit. We're planning on merging both login flows so they will both benefit from the login failure rate limit.