diff --git a/scripts/base/utils/active-http.zeek b/scripts/base/utils/active-http.zeek
index 4f84ebca71..5d820b2f82 100644
--- a/scripts/base/utils/active-http.zeek
+++ b/scripts/base/utils/active-http.zeek
@@ -78,6 +78,19 @@ function request2curl(r: Request, bodyfile: string, headersfile: string): string
 
 function request(req: Request): ActiveHTTP::Response
 	{
+	local resp: Response;
+	resp$code = 0;
+	resp$msg = "";
+	resp$body = "";
+	resp$headers = table();
+
+	# Sanity-check the method parameter as it will go directly into our command line.
+	if ( req$method != /[A-Za-z]+/ )
+		{
+		Reporter::error(fmt("There was an illegal method specified with ActiveHTTP (\"%s\").", req$method));
+		return resp;
+		}
+
 	local tmpfile     = "/tmp/zeek-activehttp-" + unique_id("");
 	local bodyfile    = fmt("%s_body", tmpfile);
 	local headersfile = fmt("%s_headers", tmpfile);
@@ -85,11 +98,6 @@ function request(req: Request): ActiveHTTP::Response
 	local cmd = request2curl(req, bodyfile, headersfile);
 	local stdin_data = req?$client_data ? req$client_data : "";
 
-	local resp: Response;
-	resp$code = 0;
-	resp$msg = "";
-	resp$body = "";
-	resp$headers = table();
 	return when ( local result = Exec::run([$cmd=cmd, $stdin=stdin_data, $read_files=set(bodyfile, headersfile)]) )
 		{
 		# If there is no response line then nothing else will work either.
diff --git a/testing/btest/Baseline/scripts.base.utils.active-http/output b/testing/btest/Baseline/scripts.base.utils.active-http/output
index 0ff93a3a81..d90291980c 100644
--- a/testing/btest/Baseline/scripts.base.utils.active-http/output
+++ b/testing/btest/Baseline/scripts.base.utils.active-http/output
@@ -1,4 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+
 [Content-type] =  text/plain
 [Content-type] =  text/plain
 [Date] =  July 22, 2013,
@@ -7,5 +8,7 @@
 [Server] =  1.0,
 test1, [code=200, msg=OK\x0d, body=It works!, headers={
 test2, [code=200, msg=OK\x0d, body=, headers={
+test3, [code=0, msg=, body=, headers={
+}]
 }]
 }]
diff --git a/testing/btest/scripts/base/utils/active-http.test b/testing/btest/scripts/base/utils/active-http.test
index 36f5ec9eab..b325bb40cc 100644
--- a/testing/btest/scripts/base/utils/active-http.test
+++ b/testing/btest/scripts/base/utils/active-http.test
@@ -17,7 +17,7 @@ function check_exit_condition()
 	{
 	c += 1;
 
-	if ( c == 2 )
+	if ( c == 3 )
 		terminate();
 	}
 
@@ -39,4 +39,5 @@ event zeek_init()
 	{
 	test_request("test1", [$url="127.0.0.1:32123"]);
 	test_request("test2", [$url="127.0.0.1:32123/empty", $method="POST"]);
+	test_request("test3", [$url="127.0.0.1:32123", $method="POST 123"]); # will be rejected and not execute request
 	}