400 Bad Request
Possible Causes and Solutions
HTTP Error 400: Bad Request
The HTTP ‘Error 400: Bad Request’ typically occurs when a web server receives a request that it is unable to understand. The cause of this is often malformed syntax. If the request contains syntax that doesn’t conform to the HTTP protocol, the server will generate the 400 error. The request should not be re-sent without modifications.
The 400 Error occurs whenever the HTTP search cycle is terminated by the web server. As a result, the client is not granted access to the particular information it requested. This is often because the request does not adhere to the rules listed under the hypertext transfer protocol. Consequently, the client receives a HTTP status code and data stream transmitting the ‘400′ error.
How Does The HTTP Cycle Flow?
When a client such as a web browser requests a http resource, it goes through the following process:
- The client receives the IP address for the respective domain as you request, using the DNS system.
- An IP socket connection is opened to that IP address.
- Then HTTP data stream is sent as a request through that socket by the client.
- This request is obtained by the web server, which sends a relevant reply as a HTTP data stream which contains status codes and other data.
- The web client receives the reply and displays the results.
This video provides an visualization of the data flow – http://www.youtube.com/watch?v=Pdqss2GvU5M.
Different browsers display different amounts of information regarding the 400 Bad Request error.
By default, Internet Explorer shows much more detail than other browsers, and it actually suggests possibilities for the cause of the error.
For example, if you open a url that triggers a 400 Bad Request error in Internet Explorer, it will display the message below:
If Internet Explorer shows a message with no description of the 400 Bad Request error, as below, that means that the “Show friendly http error message” option is disabled.
To re-enable it, click on ‘Settings’, and go to the ‘Advanced’ tab. Put a tick in the “Show friendly http error message” box.
Mozilla Firefox and Google Chrome will not show much information in contrast to Internet Explorer.
The image below shows the default presentation of a 400 Bad Request Error from Mozilla Firefox. As you can see, Firefox gives you much less information, and doesn’t even display the error number.
Typically, IIS based web servers running Microsoft web technologies will yield a 400 error if you accidentally include one of the following characters in the URL:
(The correct URL for below examples is http://runonce.msn.com/runonce3.aspx)
(1) “*” e.g. http://runonce.msn.com/runonce*3.aspx
(2) “:” e.g. http://runonce.msn.com/runonce:3.aspx
(3) “&” e.g. http://runonce.msn.com/runonce&3.aspx
(4) “%” e.g. http://runonce.msn.com/runonce%3.aspx
Example (4) behaves in a slightly different manner – it will generate a windowed error message. This is because the % character is an invalid HTTP url character – see http://www.w3.org/TR/url/#canonicalize-a-url. Microsoft IIS web servers generate an error when the request contains invalid characters like this.
Internet Explorer Preview
Mozilla Firefox Preview
How Can You Fix a 400 Error?
There are a wide variety of possible causes of HTTP 400 errors. The error can originate from problems with either the client or the web server. About 95% of the time, the 400 error occursas a result of a problem on the client side.
Client side problems occur if there is something that causes an instability on your PC. For example, in old Windows systems running Microsoft .Net Framework 1.1, 400 errors occur if a url contains any of the characters mentioned above. (http://support.microsoft.com/kb/826437) . Microsoft has since released a service pack for the .NET Framework 1.1 which corrects these issues.
So, the first thing to do is ensure your system is up to date with the latest Windows automatic updates. It’s also important to update your web browser/web client.
Before proceeding with troubleshooting, double-check to see whether you have entered the correct URL.
If the URL is correct, try clearing all cached local web data, and re-enter the URL. Corrupted cookies can cause a 400 error – removing them may solve the problem.
Since HTTP 400 errors can occur due to incorrect registry entries, it’s a good idea to run a registry cleaner such as Ccleaner. You can download Ccleaner from the following URL: http://www.piriform.com/ccleaner.
How to Use Ccleaner to Fix Registry Errors
After installing Ccleaner, open it and navigate to your registry area and select ‘Scan for Issues’.
Then click ‘Fix selected issues’.
As a general practice, good anti-virus and spyware protection should be installed and kept up-to-date. Malware or any other internet traffic related attack can compromise PC security. In such cases, the malware may corrupt the web traffic sent from your PC, in turn causing a 400 Bad Request error.
Defective or incompatible legacy software may cause registry corruption and trigger traffic related problems, if it is a web based application or connects to one. For that reason, you should always use up-to-date software from reliable sources.
If you use third-party web caching software on your local PC, disable or remove that software and see what happens when you access the URL.
A HTTP 400 Bad Request can also occur when the client terminates request headers improperly.
For more detail on this, please see the following link:
This error can also be due to a corrupt DNS cache and DNS lookup timouts. You can troubleshoot DNS issues using the command prompt:
Flushing Old DNS Entries From Your System
Open the command prompt, and type ‘ipconfig/flushdns’.
So far we have discussed client side causes of the HTTP 400 error.
There are also some possible server-side causes. They’re listed below:
Bad Server Name
A web host that no longer serves a website may generate a 400 Bad Request Error if a client requests a page from that website. This could happen if the domain owner has terminated his agreement with a web hosting service, but the DNS record has not been removed or changed.
Header Line Too Long
The requests and responses which run between the client and web server include header lines that denote the nature of the data being sent. There is no official limitation, but web servers often have their own limitations – for example, they may only accept accept header lengths of up to 1024 characters. If the length of the header in the request exceeds this limit, it triggers HTTP 400 errors.
Sometimes, if you are behind a proxy server like ISA Server, it also has a header line length limitation and triggers HTTP 400 errors (http://support.microsoft.com/kb/300707).
Microsoft have released a hot fix for this issue with the ISA Server software. You can find it here:
If you are in a corporate environment, you may be behind a caching proxy server. 400 Bad Request erros can occur if the proxy cache is corrupted or the proxy times out.
IIS 7.0, IIS 7.5, and IIS 8.0 will report HTTP status codes that indicate the specific cause of the 400 error (http://support.microsoft.com/kb/943891):
- 400.1 – Invalid Destination Header
- 400.2 – Invalid Depth Header
- 400.3 – Invalid If Header
- 400.4 – Invalid Overwrite Header
- 400.5 – Invalid Translate Header
- 400.6 – Invalid Request Body
- 400.7 – Invalid Content Length
- 400.8 – Invalid Timeout
- 400.9 – Invalid Lock Token
A 400 error can also occur due to some configurations and security setting issues in the Http.sys file in IIS 7.0, IIS 7.5, and IIS 8.0.
Enabling error logging in HTTP APIs should help you to determine specific details of the HTTP errors. For more details, please see this Microsoft help page: http://support.microsoft.com/?id=820729.