Why am I getting a 400 BAD REQUEST error for simple GET request?

Question

I'm using an old programming language (Adobe's Extendscript). It has a simple Socket object to send TCP/IP requests. The following lines always used to work for me:

reply = "";
conn = new Socket;
if (conn.open ("www.freelancebookdesign.com:80")) {
    conn.write ("GET /license.txt HTTP/1.1\nhost: freelancebookdesign.com\n\n");
    reply = conn.read(9999);
    conn.close();
}

But a couple of days ago, my hosting company (Bluehost) migrated my website to a new box (without being asked to do so, or giving advanced warning). Now the same lines above return the following 400 error:

HTTP/1.1 400 Bad Request
Date: Thu, 02 Jul 2020 10:14:48 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Accept-Ranges: bytes
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 130
Content-Type: text/html; charset=UTF-8

I've contacted their customer support, but received a clueless response. I don't know if this is the right place to ask for help, but I would really appreciate it if anyone has any ideas what the issue might be, even if I can just give their customer support some pointers in the right direction. What might be the difference between the old server setup and the new that would be causing this?

Answer 1

It works for me if I try it using telnet from the command line:

$ telnet www.freelancebookdesign.com 80
Trying 50.87.233.157...
Connected to freelancebookdesign.com.
Escape character is '^]'.
GET /license.txt HTTP/1.1 
host: freelancebookdesign.com
HTTP/1.1 200 OK

The things I would try:

• Use /r/n rather than /n. The spec says that lines should end with CRLF (\r\n) rather than just LF (\n). You have three \ns that you should replace with \r\n.
• Match the host that are are connecting to and what you are sending in the host header. I'm not sure why you are connecting to www. but then requesting the document with out. I'd drop the www. from your conn.open.
• Capitalize the H in host:. Header names should not be case sensitive, but they are typically requested in camel case.
• Try HTTP/1.0 rather than HTTP/1.1. The older and simpler protocol is more likely be accepted from a simple request like this because servers should not expect connection keep alive headers, chunked content headers, or any of the other fancy performance stuff that was added in 1.1.