diff --git a/swift/proxy/server.py b/swift/proxy/server.py
index fa1c87fb7a..9ba5807799 100644
--- a/swift/proxy/server.py
+++ b/swift/proxy/server.py
@@ -1807,6 +1807,9 @@ class BaseApplication(object):
 :param req: webob.Request object
 """
 try:
+ if req.content_length and req.content_length < 0:
+ return HTTPBadRequest(request=req,
+ body='Invalid Content-Length')
 try:
 controller, path_parts = self.get_controller(req.path)
 except ValueError:
diff --git a/test/unit/proxy/test_server.py b/test/unit/proxy/test_server.py
index 46e100bc82..6b1750b1ce 100644
--- a/test/unit/proxy/test_server.py
+++ b/test/unit/proxy/test_server.py
@@ -706,6 +706,23 @@ class TestProxyServer(unittest.TestCase):
 resp = app.handle_request(req)
 self.assert_(called[0])
+ def test_negative_content_length(self):
+ swift_dir = mkdtemp()
+ try:
+ baseapp = proxy_server.BaseApplication({'swift_dir': swift_dir},
+ FakeMemcache(), NullLoggingHandler(), FakeRing(), FakeRing(),
+ FakeRing())
+ resp = baseapp.handle_request(
+ Request.blank('/', environ={'CONTENT_LENGTH': '-1'}))
+ self.assertEquals(resp.status, '400 Bad Request')
+ self.assertEquals(resp.body, 'Invalid Content-Length')
+ resp = baseapp.handle_request(
+ Request.blank('/', environ={'CONTENT_LENGTH': '-123'}))
+ self.assertEquals(resp.status, '400 Bad Request')
+ self.assertEquals(resp.body, 'Invalid Content-Length')
+ finally:
+ rmtree(swift_dir, ignore_errors=True)
+
 class TestObjectController(unittest.TestCase):
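Review bot: The guard added at the top of the outer `try:` in `handle_request` rejects only a Content-Length that parses to a negative integer; a header that is not an integer at all is left to whatever `req.content_length` does on access. That behaviour is not visible in this hunk, and if the accessor raises, the error would land in the outer `except` (also outside the hunk) rather than producing the same 400. Reading the value once and treating a parse failure like a negative length keeps both malformed cases on one path, and `is not None` states the intent more directly than the truthiness test. A one-line comment saying why the request is refused before controller lookup would also help the next reader; the function body starts and ends outside the hunk.

```python
try:
    # Reject malformed lengths before any controller sees the request.
    try:
        content_length = req.content_length
    except ValueError:
        content_length = -1  # non-integer header: handle like a negative one
    if content_length is not None and content_length < 0:
        return HTTPBadRequest(request=req,
                              body='Invalid Content-Length')
    # … unchanged: get_controller lookup and the rest of handle_request …
```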
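Review bot: `test_negative_content_length` pins only the rejecting side of the new check; nothing asserts that a `CONTENT_LENGTH` of `'0'` or a positive value still passes the guard, so a later change of the condition to `<= 0` would go unnoticed. One more request with `environ={'CONTENT_LENGTH': '0'}` followed by `self.assertNotEquals(resp.body, 'Invalid Content-Length')` would cover the boundary. A non-numeric value is worth a case as well, to record what the proxy currently returns for it. The two negative stanzas differ only in the value and could be written as a loop, `for value in ('-1', '-123'):`.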