In IIS7.5 what module removes the body of a 400 Bad Request

I have written ASP.NET (4.0) code that sets the Response.StatusCode to 400 if the data posted to the server is in valid.
I place useful information in the response body in the format that the request accepts header asks for. eg an html message saying “The date field is required…”.

In IIS7 (7.5.7600) on Windows 7 I get the correct html response back to the browser.

In IIS7 (7.5.6000) on Windows 2008 I do not get the html body back, but only a text body with “Bad Request” as the content.

Can someone point me to how I change the configuration of the 2008 server to return the body.
Or is there a difference between these versions of IIS?
Maybe a module in the Machine.config?
For example I know (and have had to work around) that the FormsAuthentication module changes a 401 to a 302 even if you do not want this. May be there is a module that stops the content of a 400 being sent.



Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Solution: edited the web.config system.webServer section and set httpErrors existingResponse attribute to “PassThrough” et voilá fixed.

    <httpErrors existingResponse="PassThrough"></httpErrors>

Well 2 things got me think about this issue:
  1. the classic CustomErrors behaviour because I was comparing localhost with a remote server
  2. the first wouldn’t explain how some of my other Authentication ‘errors’ were getting through intact

I dug around and came across this article on IIS7: How to Use HTTP Detailed Errors in IIS 7.0

It didn’t fully pertain to what I found when editing the web.config maybe due me using IIS7.5 but it was enough to get me into the right neighbourhood.

**Also be aware that with IIS 10 now supporting HTTP2, StatusDescriptions that contain text are no longer supported when request upgrade to HTTP2 so if you respond with 400 (Bad Request) this will get stripped to the numeric 400 only.
HTTP/2 does not define a way to carry the version or reason phrase
that is included in an HTTP/1.1 status line.

Method 2

If altering the web.config isn’t an option, below may help:

Response.TrySkipIisCustomErrors = true;

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x