mesclun
asked on
Bad Request (Invalid Header Name) error when I try to access an IIS hosted web page through a load balancer
Here's my scenario:
I have 2 load balanced webservers running IIS 6. Each is hosting multiple web sites, and differentiates between them using host headers. In order to handle https requests we keep the site certificates on the load balancer, which hands off the decrypted SSL connections as regular http on the internal network.
We recently realized we need to be able to tell whether clients connect via http or https. We do not have control of our load balancer but we have convinced the admin to remap the host headers of incoming secure sites. So, for example, "http://www.foo.com" passes unchanged but "https://www.foo.com" becomes "ssl.foo.com on" the internal network.
I have set up the existing sites to accept the new host headers, but for some reason still get the "Bad Request (Invalid Header Name)" error page when I try to visit https://www.foo.com.
Further confusing me is the fact that the access requests are logged as errors in the IIS log, with type "Header". When I open the default web site (which I believe should capture all headers not explicitly referenced elsewhere) these requests still log as errors and I still get the Invalid Header page. I'm tearing my hair out trying to make IIS log errors more verbosely, but with no luck, so I apologize but I can't really provide any more diagnostic info on that front.
I have 2 load balanced webservers running IIS 6. Each is hosting multiple web sites, and differentiates between them using host headers. In order to handle https requests we keep the site certificates on the load balancer, which hands off the decrypted SSL connections as regular http on the internal network.
We recently realized we need to be able to tell whether clients connect via http or https. We do not have control of our load balancer but we have convinced the admin to remap the host headers of incoming secure sites. So, for example, "http://www.foo.com" passes unchanged but "https://www.foo.com" becomes "ssl.foo.com on" the internal network.
I have set up the existing sites to accept the new host headers, but for some reason still get the "Bad Request (Invalid Header Name)" error page when I try to visit https://www.foo.com.
Further confusing me is the fact that the access requests are logged as errors in the IIS log, with type "Header". When I open the default web site (which I believe should capture all headers not explicitly referenced elsewhere) these requests still log as errors and I still get the Invalid Header page. I'm tearing my hair out trying to make IIS log errors more verbosely, but with no luck, so I apologize but I can't really provide any more diagnostic info on that front.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for pointing me in the right direction on several points, meverest. I hadn't thought about doing any traffic analysis to see what might be going wrong.