HTTP 400 Bad Request when client terminates request headers improperly


After sending an HTTP request to IIS, an Internet Explorer client displayed the following error message to the user:


Bad Request



Beginning in IIS 6.0, “Bad Request” errors are almost always returned by HTTP.sys, so the next step was to look in the httperr.log file for further evidence of the failure condition. There was an associated log entry that corresponded to the error message the user saw:


[time+date] [client-ip+port] [server ip+port] HTTP/1.1 GET /page.htm 400 - BadRequest –

The problem was easily reproducible, so a network trace was captured of the client’s HTTP request and the server’s response. The network trace showed that the client was terminating its request headers with a single <CR>. IIS and http.sys do not consider a single <CR> to be a valid header termination, and therefore reject the request.

To resolve the issue, the HTTP client needs to make sure to use valid header termination values. Request headers can be terminated with a single <LF> or with the more common <CR><LF>.

In a network trace, the valid <CR><LF> termination will appears as:


  \r\n (0xD 0xA)



A single <LF> termination will look like:


  \n (0xA)



The invalid single <CR> will look like:


  \r (0xD)