HTTP 400 Bad Request when client sends invalid HTTP:Host header value

 

In this scenario, HTTP requests were being sent from a non-Windows machine and were being responded to with a “Bad Request – Invalid Hostname” error by the IIS server.  Beginning in IIS 6.0, “Bad Request” errors are almost always returned by HTTP.sys, so the next step was to look in the httperr.log file for further evidence of the failure condition.  There was an associated log entry that corresponded to the error message the user saw:

 

[time+date] [clientip+port] [serverip+port] HTTP/1.0 POST /vdir/page.asp 400 - Hostname –

 

 

The problem was easily reproducible, so a network trace was captured of the client’s HTTP request and the server’s response.  The network trace showed that the client was sending invalid data in its HTTP:Host header field.  Here is what the client’s request looked like:

 

 

10:57:56.424 001C0F71134B 005056B5682F HTTP POST Request from Client

HTTP: POST Request from Client

    HTTP: Request Method =POST

    HTTP: Uniform Resource Identifier =/vdir/page.asp

    HTTP: Protocol Version =HTTP/1.0

    HTTP: Accept = text/html

    HTTP: User-Agent =e.RPG

    HTTP: Host =http://ip_address/vdir

    HTTP: Content-Length =664

 

 

The problem here is that the HTTP:Host header contained forward slashes.  After the client was configured to not send http:// nor /vdir in the Host header, the HTTP requests were successful.  The valid HTTP requests now looked like this:

 

 

10:59:21.400 001C0F71134B 005056B5682F HTTP POST Request from Client

HTTP: POST Request from Client

    HTTP: Request Method =POST

    HTTP: Uniform Resource Identifier =/vdir/page.asp

    HTTP: Protocol Version =HTTP/1.0

    HTTP: Accept = text/html

    HTTP: User-Agent =e.RPG

    HTTP: Host =ip_address

    HTTP: Content-Length =664

 

No Comments