Overview

On some Dell PowerEdge servers, the iDRAC web interface (HTTP/HTTPS) may return 400 Bad Request and become inaccessible. The root cause is the HostHeaderCheck security feature rejecting requests when the HTTP Host header does not match the iDRAC’s configured hostname. This guide shows a secure fix (preferred) and a temporary workaround, using racadm from the installed OS or via direct SSH to iDRAC.

If you are deploying iDRAC across Netrouting bare metal dedicated servers, use the secure method to keep your management plane hardened.

Before You Start

  • Ensure you can access the host OS (or have SSH access to iDRAC).
  • Confirm the intended iDRAC DNS name (e.g., idrac01.example.com) resolves to the iDRAC IP.
  • Install racadm on the host OS if you’ll run commands locally.

Secure Fix (Recommended): Configure the Correct Hostname

This preserves iDRAC’s header validation by setting a matching ManualDNSEntry. Replace $hostname with your iDRAC’s actual FQDN (e.g., idrac01.example.com).

Option A — racadm from the Installed OS

racadm set idrac.webserver.ManualDNSEntry $hostname # optional: restart iDRAC web to apply

Option B — SSH Directly Into iDRAC

ssh root@<idrac-ip> set idrac.webserver.ManualDNSEntry $hostname # optional: restart iDRAC web to apply

Verify

  • Confirm DNS: dig +short $hostname returns the iDRAC IP.
  • Browse to https://$hostname/. The web UI should load normally.

Temporary Workaround (Not Recommended): Disable HostHeaderCheck

Only use this to regain access quickly if you cannot fix DNS or hostname immediately. Disabling HostHeaderCheck weakens protection against certain Host header–based attacks. Re-enable it after setting the correct hostname.

Option A — racadm from the Installed OS

racadm set idrac.webserver.HostHeaderCheck 0 # optional

Option B — SSH Directly Into iDRAC

ssh root@<idrac-ip> racadm set idrac.webserver.HostHeaderCheck 1

Re-enable Later (after hostname/DNS is correct)

racadm set idrac.webserver.HostHeaderCheck 1 # or via SSH: # racadm set idrac.webserver.hostheadercheck 1 # in SSH session

Troubleshooting Tips

  • DNS mismatch: Ensure the A/AAAA record for $hostname points to the iDRAC IP used for management.
  • Certificate warnings: If using HTTPS with a custom cert, update CN/SAN to include $hostname.
  • Browser cache: Clear cache or try an incognito window after changes.
  • No racadm in OS: Use the SSH method directly on iDRAC.

Related Resources

Summary

If your iDRAC web UI shows 400 Bad Request, keep security intact by setting idrac.webserver.ManualDNSEntry to the correct hostname (with matching DNS). Only disable HostHeaderCheck as a temporary measure, then re-enable it once hostname/DNS is corrected. This approach maintains a hardened management plane across your Netrouting dedicated servers.

Need help?

Find answers quick, talk to us on live chat.

Start Live Chat
support-chat-bottom
Phone
+31(0)88-045-4600
+1-305-705-6983
Table of Contents