Symfony: A Token was not found in the SecurityContext for route behind firewall

Don not worry about this case/error. When you tested you case by yourself, you got expected behavior (redirect to login page) as any other "real" surfer.

Then

User agent Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)

You can see that the page is requested by Ahrefs bot. And when you get a redirect to other pages as real surfer, it uses "header" action. But bots don't handle headers. So actually it is an error that amateur programmers make often. They put something like

if($notallowed){ header('Location: /login');}//... only logged stuff ...// 

and then it works for "real" surfers, but bots can go through and reach "logged stuff". So in this case it either needs "die" command right after header (in bad style that must be never user) or throw exception (in good style).

So conclusion: You mentioned that you recently got the exception after you changed the code, but most probably the bot started to crawl something new that was not crawled before. So most probably you should add a rule to skip that exception as it is applied to bots only. But of course you also should review you recent changes. Also you can review log of such exception and check user agent to make sure that it is applied to bots only.