0

My website: https://www.louiswebsdale.co.uk/ keeps giving the "400 bad request invalid header" error when trying to visit it without the https. So www.louiswebsdale.co.uk or http://www.louiswebsdale.co.uk give the "400 bad request invalid header" error.

Is there some code I need to change in the .htaccess file?

It currently is the following:

RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Thank you very much.

MrWhite
  • 12,647
  • 4
  • 29
  • 41
Louis Websdale
  • 1
  • 2
  • It does *not* give 400 error. It gives a 301 moved redirecting to https. In addition your certificate is revoked. – vidarlo Jul 04 '21 at 10:22
  • When I go to the url http://www.louiswebsdale.co.uk/ I get the following: 400 Bad Request Invalid Header. – Louis Websdale Jul 04 '21 at 10:24
  • 1
    Not reproducible. Firefox complains about a revoked cert; ignoring that the site works from chromium, firefox, google chrome and curl. – vidarlo Jul 04 '21 at 10:28
  • How can I fix this "400 bad request invalid header" error?Iis it something to do with the code in .htaccess? – Louis Websdale Jul 04 '21 at 10:51
  • It works from here. With what you've given us to work with it seems there's no error, and nothing to fix! Repeating the question doesn't change anything. If the problem persists on your end, please test in incognito mode in your browser, and bring up the dev tools (press F12) and include full headers in your question. – vidarlo Jul 04 '21 at 11:01
  • That is very strange! The normal https works but not if someone types the url without the https so if they just type www.louiswebsdale.co.uk, the error comes up. – Louis Websdale Jul 04 '21 at 11:02
  • Don't post multiple questions about the same issue. Do what I suggested; bring up dev tools and tell us what headers your browser is sending. Also, test in ingocnito mode and with a different browser. – vidarlo Jul 04 '21 at 12:04
  • I have tested in incognito mode and different browser and still the same 400 error. This happens when I remove the s in the url after going on the correct website. So, I go onto https://www.louiswebsdale.co.uk/, it works fine, then I remove the s and it gives the error. The dev tools say: 400 Bad Request

    400 Bad Request

    Invalid Header. Failed to load resource: the server responded with a status of 400 (Bad Request)     – Louis Websdale Jul 04 '21 at 12:10
  • That's not the header, it's the body. I'm asking for the request headers. Please see https://imgur.com/a/l3tnzUd for an illustration. You can also select to disable caching while dev tools is open. – vidarlo Jul 04 '21 at 12:13
  • Is this it? :authority: www.louiswebsdale.co.uk :method: GET :path: / :scheme: https accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 accept-encoding: gzip, deflate, br accept-language: en-GB,en;q=0.9 if-modified-since: Sun, 04 Jul 2021 11:33:23 GMT sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91" sec-ch-ua-mobile: ?0 sec-fetch-dest: document sec-fetch-mode: navigate sec-fetch-site: none sec-fetch-user: ?1 upgrade-insecure-requests: 1 – Louis Websdale Jul 04 '21 at 12:17
  • user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 – Louis Websdale Jul 04 '21 at 12:17
  • Yes - and the response. It's probably easier to post a screenshot of it. – vidarlo Jul 04 '21 at 12:32
  • I apologise, I do not know how to attach a screenshot onto a comment. cache-control: no-cache cache-control: max-age=0 content-encoding: gzip content-type: text/html; charset=UTF-8 date: Sun, 04 Jul 2021 12:33:19 GMT expires: Sun, 04 Jul 2021 12:33:19 GMT last-modified: Sun, 04 Jul 2021 11:33:23 GMT server: Apache vary: User-Agent wpo-cache-status: cached x-powered-by: PHP/7.3.27 – Louis Websdale Jul 04 '21 at 12:34
  • 1
    Don't post screenshots edit the question and paste the plane texts – djdomi Jul 04 '21 at 12:56
  • As vidarlo has already commented... I don't see a 400 response either. There is a 301 redirect from HTTP to HTTPS+www. The `.htaccess` code you posted is just a standard "front-controller" pattern that rewrites requests to `index.php`. There is no redirect in the code you posted (and nothing that would cause this error), so this must be performed by your server-side code. Have you tested this on a different network, outside of your LAN? (eg. phone on mobile network?) – MrWhite Jul 04 '21 at 14:06
  • Your response headers show that the request was passed on to your PHP code. This suggests that you have done something in your Apache configuration (to cause it to behave differently for you than for everyone else) that you have not shared with us despite it being relevant to the issue. Please post your Apache configuration. – Michael Hampton Jul 04 '21 at 14:14
  • Hi Michael, thanks for the help. I think it is working now thanks to tsohost support. – Louis Websdale Jul 05 '21 at 13:13

0 Answers0