HTTP Header Insertion fails as Invalid Header - HTTP Error 400
14544
Created On 09/29/20 21:48 PM - Last Modified 07/31/25 21:19 PM
Symptom
The webpage fails on adding multiple Values as HTTP Header.
Environment
- PAN-OS 8.1 & above.
- Configuring multiple Values for HTTP Header Insertion.
Cause
- The issue was caused by adding multiple values for HTTP header separated by different line(s).
- The running config looked like the following
http-header-insertion {
test {
type {
"Microsoft Office365 Tenant Restrictions" {
domains [ login.microsoftonline.com login.windows.net login.microsoft.com];
headers {
header-0 {
header Restrict-Access-To-Tenants;
value testglobal.com <<<<<<<<<
testglobal.onmicrosoft.com; <<<<<<<<<
log yes;
}
header-1 {
header Restrict-Access-Context;
value 9asdf321-566c-4d0b-ac6b-01253eb2fcc1;
log yes;
}
}
}
}
}
Resolution
- The multiple values for HTTP header must be separated by comma ','
- The running config looked like the following
http-header-insertion {
test {
type {
"Microsoft Office365 Tenant Restrictions" {
domains [ login.microsoftonline.com login.windows.net login.microsoft.com];
headers {
header-0 {
header Restrict-Access-To-Tenants;
value testglobal.com,testglobal.onmicrosoft.com; <<<<<<<<<
log yes;
}
header-1 {
header Restrict-Access-Context;
value 9asdf321-566c-4d0b-ac6b-01253eb2fcc1;
log yes;
}
}
}
}
}
Additional Information
KB Article for configuration:
Sanctioned Access For Office365 Enterprise Using HTTP Header Insertion