OWASP CRS Explorer

Search the Core Rule Set knowledge base. Every rule includes an example payload, a Cloudflare equivalent, and a ModSecurity snippet.

920100 | WARNING | Paranoia 1 | Protocol Enforcement

Invalid HTTP Request Line

How the attack works

The request line does not conform to RFC 7230 (bad method, target, or version token). Malformed request lines are used to confuse parsers and smuggle requests.

Recommended action

Block — well-behaved clients never send malformed request lines.

Example malicious payload

GET /index.html HTTP/9.9

Cloudflare WAF equivalent

Custom rule expression

# No simple custom-rule equivalent. This signature is covered by Cloudflare's
# Managed Ruleset (OWASP Core Rule Set). Enable it under Security → WAF → Managed rules
# and set the paranoia/sensitivity to at least level 1.

ModSecurity SecRule

OWASP CRS 920100

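# Denies any request line that does not begin with one of the listed methods
# followed by whitespace. The request target and version token are not inspected.
SecRule REQUEST_LINE "@rx (?i)^(?!(?:get|post|head|put|delete|options|patch)\s)" \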
    "id:920100,\
    phase:1,deny,status:403,log,\
    t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,\
    msg:'Invalid HTTP Request Line',\
    severity:'WARNING',\
    tag:'application-multi',tag:'attack-protocol-enforcement',\
    tag:'OWASP_CRS',tag:'paranoia-level/1',\
    ver:'OWASP_CRS/4.3.0'"
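
Added example (not part of the page or of the CRS project): a Python harness that runs the method-allowlist regex from the snippet above over constructed request lines, next to a stricter check of all three request-line parts. The stricter grammar, the `ALLOWED_VERSIONS` set and the function names are assumptions for illustration, and the rule's `t:` transformations are not modeled.

```python
import re

# Regex copied from the SecRule on this page; a match means the rule denies.
PAGE_RULE = re.compile(r"(?i)^(?!(?:get|post|head|put|delete|options|patch)\s)")

# RFC 7230 section 3.1.1: request-line = method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(
    r"(?P<method>[!#$%&'*+.^_`|~0-9A-Za-z-]+) "  # method is a token
    r"(?P<target>[^\s#]+) "                       # no whitespace, no fragment
    r"(?P<version>HTTP/[0-9]\.[0-9])"
)
ALLOWED_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "PATCH"}
ALLOWED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}  # assumption: what the origin serves


def page_rule_fires(line: str) -> bool:
    """True when the page's regex matches, i.e. the request would be denied."""
    return PAGE_RULE.search(line) is not None


def strict_findings(line: str) -> list[str]:
    """Reasons the line fails the stricter check; an empty list means it passes."""
    m = REQUEST_LINE.fullmatch(line)
    if m is None:
        return ["not 'method SP target SP HTTP/x.y'"]
    findings = []
    if m["method"] not in ALLOWED_METHODS:  # methods are case-sensitive
        findings.append("method not allowed")
    if m["version"] not in ALLOWED_VERSIONS:
        findings.append("unsupported version")
    return findings


# Constructed sample request lines, not captured traffic.
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "GET /index.html HTTP/9.9",   # the example payload from this page
    "FOO /index.html HTTP/1.1",
    "GET  /index.html HTTP/1.1",  # two spaces after the method
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:32} page_rule={page_rule_fires(line)!s:5} "
              f"strict={strict_findings(line)}")
```

Of the four samples, the page's regex fires only on the unknown method; the `HTTP/9.9` line and the double-space line pass it and are flagged only by the stricter check.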