HTTP Protocol Anomaly

What It Means

The format of this HTTP request is inconsistent with the proper structure of web requests and may be an attempt to attack your application.

Why It Matters

Legitimate web browsers and HTTP clients follow well-defined protocol standards. When a request deviates from these standards — with missing required headers, malformed request lines, or invalid protocol versions — it typically indicates an automated attack tool or a deliberately crafted exploit attempt.

Common Triggers

Requests with missing or malformed Host headers, invalid HTTP versions, improperly formatted request lines, or other deviations from HTTP protocol standards.

What To Do

These blocks are safe to leave in place. Legitimate browsers and well-built API clients will not trigger this rule. If an older or unusual HTTP client is being blocked, verify that it is sending properly formatted HTTP requests.