Table of Contents
On some Dell PowerEdge servers, the iDRAC web interface (HTTP/HTTPS) may return 400 Bad Request
and become inaccessible. The root cause is the HostHeaderCheck
security feature rejecting requests when the HTTP Host
header does not match the iDRAC’s configured hostname. This guide shows a secure fix (preferred) and a temporary workaround, using racadm
from the installed OS or via direct SSH to iDRAC.
If you are deploying iDRAC across Netrouting bare metal dedicated servers, use the secure method to keep your management plane hardened.
idrac01.example.com
) resolves to the iDRAC IP.racadm
on the host OS if you’ll run commands locally.This preserves iDRAC’s header validation by setting a matching ManualDNSEntry
. Replace $hostname
with your iDRAC’s actual FQDN (e.g., idrac01.example.com
).
Option A — racadm from the Installed OS
racadm set idrac.webserver.ManualDNSEntry $hostname # optional: restart iDRAC web to apply
Option B — SSH Directly Into iDRAC
ssh root@<idrac-ip> set idrac.webserver.ManualDNSEntry $hostname # optional: restart iDRAC web to apply
Verify
dig +short $hostname
returns the iDRAC IP.https://$hostname/
. The web UI should load normally.Only use this to regain access quickly if you cannot fix DNS or hostname immediately. Disabling HostHeaderCheck
weakens protection against certain Host header–based attacks. Re-enable it after setting the correct hostname.
Option A — racadm from the Installed OS
racadm set idrac.webserver.HostHeaderCheck 0 # optional
Option B — SSH Directly Into iDRAC
ssh root@<idrac-ip> racadm set idrac.webserver.HostHeaderCheck 1
Re-enable Later (after hostname/DNS is correct)
racadm set idrac.webserver.HostHeaderCheck 1 # or via SSH: # racadm set idrac.webserver.hostheadercheck 1 # in SSH session
$hostname
points to the iDRAC IP used for management.$hostname
.If your iDRAC web UI shows 400 Bad Request
, keep security intact by setting idrac.webserver.ManualDNSEntry
to the correct hostname (with matching DNS). Only disable HostHeaderCheck
as a temporary measure, then re-enable it once hostname/DNS is corrected. This approach maintains a hardened management plane across your Netrouting dedicated servers.