I solved this problem already, but I wanted to post this in case any one else runs into the same issue. I hadn't upgraded program-y in a year, it worked fine after I upgraded, but a few of the log entries showed a cookie problem like this:
2020-02-10 21:33:36,088 werkzeug ERROR - 195.154.92.15 - - [10/Feb/2020 21:33:36] code 400, message Bad HTTP/0.9 request type ('\x03\x00\x00/Ã \x00\x00\x00\x00\x00Cookie:')
2020-02-11 06:56:49,450 werkzeug ERROR - 5.188.206.50 - - [11/Feb/2020 06:56:49] code 400, message Bad HTTP/0.9 request type ('\x03\x00\x00/Ã \x00\x00\x00\x00\x00Cookie:')
My first thought was maybe it was a bot (search engine, hacker, etc.) but since it was 2 different IP addresses at 2 different times of the day, I thought I should assume it was a problem on my end. I had not turned on logging until this week so it was hard for me to know if this was a real problem. I Googled it and it looked like it was related to using curl (with php) on an SSL server, and that led me down a rabbit hole of trying dozens of different solutions, such as upgrading to a new version of SSL. I gave up after around 5 hours. The next day I realized maybe it was hacking type activity so I should lookup the ips at https://www.abuseipdb.com and both of them showed a history hundreds of abuses and the abuseipdb.com showed a confidence level of 100% that it was abuse. So, there was really no problem after all.
I solved this problem already, but I wanted to post this in case any one else runs into the same issue. I hadn't upgraded program-y in a year, it worked fine after I upgraded, but a few of the log entries showed a cookie problem like this: 2020-02-10 21:33:36,088 werkzeug ERROR - 195.154.92.15 - - [10/Feb/2020 21:33:36] code 400, message Bad HTTP/0.9 request type ('\x03\x00\x00/Ã \x00\x00\x00\x00\x00Cookie:') 2020-02-11 06:56:49,450 werkzeug ERROR - 5.188.206.50 - - [11/Feb/2020 06:56:49] code 400, message Bad HTTP/0.9 request type ('\x03\x00\x00/Ã \x00\x00\x00\x00\x00Cookie:') My first thought was maybe it was a bot (search engine, hacker, etc.) but since it was 2 different IP addresses at 2 different times of the day, I thought I should assume it was a problem on my end. I had not turned on logging until this week so it was hard for me to know if this was a real problem. I Googled it and it looked like it was related to using curl (with php) on an SSL server, and that led me down a rabbit hole of trying dozens of different solutions, such as upgrading to a new version of SSL. I gave up after around 5 hours. The next day I realized maybe it was hacking type activity so I should lookup the ips at https://www.abuseipdb.com and both of them showed a history hundreds of abuses and the abuseipdb.com showed a confidence level of 100% that it was abuse. So, there was really no problem after all.