Bad Request (Invalid Header Name) error when I try to access an IIS hosted web page through a load balancer

Here's my scenario:
I have 2 load balanced webservers running IIS 6. Each is hosting multiple web sites, and differentiates between them using host headers. In order to handle https requests we keep the site certificates on the load balancer, which hands off the decrypted SSL connections as regular http on the internal network.
We recently realized we need to be able to tell whether clients connect via http or https. We do not have control of our load balancer but we have convinced the admin to remap the host headers of incoming secure sites. So, for example, "http://www.foo.com" passes unchanged but "https://www.foo.com" becomes "ssl.foo.com" on the internal network.
I have set up the existing sites to accept the new host headers, but for some reason still get the "Bad Request (Invalid Header Name)" error page when I try to visit https://www.foo.com.
Further confusing me is the fact that the access requests are logged as errors in the IIS log, with type "Header". When I open the default web site (which I believe should capture all headers not explicitly referenced elsewhere) these requests still log as errors and I still get the Invalid Header page. I'm tearing my hair out trying to make IIS log errors more verbosely, but with no luck, so I apologize but I can't really provide any more diagnostic info on that front.
Asked by: mesclun

meverest Commented:
Hi,

just a few comments:

Are you redirecting these as http, or https? (You must use a unique IP address for each SSL host. You cannot use host headers inside encrypted requests.)

I don't recall ever seeing that error reported by iis - are you sure that it is not the load balancer doing it?

Maybe you could give each web site an individual ip address then do away with host headers altogether?

Download an HTTP analyser (e.g. 'fiddler') and run it on one of the servers; you will be able to examine the http connections in great detail.

cheers,  Mike.

mesclun (Author) Commented:
Ok, it turns out that the problem was actually a combination of a misconfiguration on the load balancer and IIS' inability to gracefully handle malformed headers. After running netmon we found errant characters in the header and fixed them. Eventually we changed the internal routing of SSL-derived traffic to a special http address.
Thanks for pointing me in the right direction on several points, meverest. I hadn't thought about doing any traffic analysis to see what might be going wrong.
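
An added example, not part of the original thread: a checker that takes the raw bytes of one request captured between the load balancer and IIS (for instance exported from a netmon or Fiddler trace) and reports header lines whose name is not a valid RFC 7230 token. The thread does not say which errant characters were found, so the sample request and its two bad header names are constructed.

```python
import re

# RFC 7230 "token": the only characters permitted in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def find_bad_headers(raw: bytes):
    """Return (line_number, reason, raw_line) for each malformed header line."""
    head = raw.split(b"\r\n\r\n", 1)[0]          # drop the body, if any
    problems = []
    # Line 1 is the request line, so header lines are numbered from 2.
    for n, line in enumerate(head.split(b"\r\n")[1:], start=2):
        if b"\n" in line or b"\r" in line:
            problems.append((n, "bare CR or LF inside header line", line))
            continue
        if line[:1] in (b" ", b"\t"):
            problems.append((n, "line starts with whitespace (folding)", line))
            continue
        name, sep, _value = line.partition(b":")
        if not sep:
            problems.append((n, "no colon separator", line))
        elif not name:
            problems.append((n, "empty header name", line))
        elif not TOKEN.fullmatch(name):
            bad = sorted({bytes([c]) for c in name
                          if not TOKEN.fullmatch(bytes([c]))})
            problems.append((n, "invalid characters in name: %r" % bad, line))
    return problems

# Constructed sample: what a misconfigured rewrite rule on a load balancer
# might emit. Only the host name ssl.foo.com comes from the thread.
SAMPLE = (b"GET / HTTP/1.1\r\n"
          b"Host: ssl.foo.com\r\n"
          b"X Forwarded Proto: https\r\n"   # spaces in the field name
          b"Accept: */*\r\n"
          b"X-LB-\x00Id: 7\r\n"             # control byte in the field name
          b"\r\n")

if __name__ == "__main__":
    for lineno, reason, line in find_bad_headers(SAMPLE):
        print("line %d: %s -> %r" % (lineno, reason, line))
```

Printing each offending line with `%r` makes non-printable bytes visible, which a plain-text view of a trace can hide.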
Microsoft IIS Web Server

From novice to tech pro — start learning today.