diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 49c8870e43..4304afa3a1 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -63,6 +63,7 @@ typedef struct http_filter_ctx
 apr_off_t limit;
 apr_off_t limit_used;
 apr_int32_t chunk_used;
+ apr_int32_t chunk_bws;
 apr_int32_t chunkbits;
 enum
 {
@@ -133,6 +134,7 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
 ctx->remaining = 0;
 ctx->chunkbits = sizeof(apr_off_t) * 8;
 ctx->chunk_used = 0;
+ ctx->chunk_bws = 0;
 }
 if (c == LF) {
@@ -164,7 +166,12 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
 }
 }
 else if (c == ' ' || c == '\t') {
+ /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3).
+ */
 ctx->state = BODY_CHUNK_CR;
+ if (++ctx->chunk_bws > 10) {
+ return APR_EINVAL;
+ }
 }
 else if (ctx->state == BODY_CHUNK_CR) {
 /*
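Review bot: The bound in the `c == ' ' || c == '\t'` branch of the third hunk is a bare `10` written once in the comment and once in the comparison, and nothing states that the count is cumulative for one chunk-size line (the only visible reset is `ctx->chunk_bws = 0;` in the second hunk) or why a cap is wanted. I would name the limit, for example `#define CHUNK_BWS_MAX 10` (the name is only a suggestion), test `if (++ctx->chunk_bws > CHUNK_BWS_MAX)`, and have the comment say that blanks after the chunk size are tolerated as a deliberate leniency and that exceeding the cap fails the parse with `APR_EINVAL`. Because this is leniency rather than grammar, another HTTP parser in front of or behind this one may not treat the same size line identically, so if the module has a strict-parsing setting (none is visible in these hunks) this branch looks like a candidate for being gated on it. The rejection path logs nothing in the visible lines, and `parse_chunk_size` starts and ends outside the hunk, so whether the caller records the error cannot be confirmed from here.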