What does the HTTP Request Log Line regex match?

Extracts key fields from a structured HTTP request log: method, path, status code, and duration.

Is the HTTP Request Log Line regex ReDoS-safe?

Yes. Manually audited and tested against ReDoS attack strings. Anchors and possessive-style constraints prevent runaway backtracking paths.

Dev & Systems/Log Parsing

Verified Safe

HTTP Request Log Line Regex for JavaScript

/^(?:(?!FETCH)(?:GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS) [^\s]+ [0-9]{3}(?: [0-9]+ms| elapsed=[0-9]+ms)?|method=[A-Z]+ path=[^\s]+ status=[0-9]{3} duration=[0-9]+ms)$/i

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching http request log line, ported and verified for JavaScript. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your JavaScript project — whether you're validating in an Express middleware, a Next.js API route, or a client-side form.

Javascript Implementation

Javascript

// HTTP Request Log Line
// ReDoS-safe | RegexVault — Dev & Systems > Log Parsing

const httpRequestLogLineRegex = /^(?:(?!FETCH)(?:GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS) [^\s]+ [0-9]{3}(?: [0-9]+ms| elapsed=[0-9]+ms)?|method=[A-Z]+ path=[^\s]+ status=[0-9]{3} duration=[0-9]+ms)$/i;

function validateHttpRequestLogLine(input: string): boolean {
  return httpRequestLogLineRegex.test(input);
}

// Example
console.log(validateHttpRequestLogLine("GET /api/users 200 125ms")); // true

Test Cases

Matches (Valid)	Rejects (Invalid)
`GET /api/users 200 125ms`	`FETCH /api 200`
`method=POST path=/api/login status=401 duration=50ms`	`not a request log`
`PUT /api/resource/123 204`	`GET 200`
`DELETE /api/item/42 200 elapsed=10ms`	`invalid method /path 200`

When to use this pattern

This pattern is drawn from the Dev & Systems > Log Parsing category and carries a ReDoS-safe certification. That matters for JavaScript developers because especially critical in long-running Node.js event loops where a ReDoS vulnerability can block the entire process. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

Different observability stacks emit different log formats. This pattern covers common variants but a dedicated log parsing library is more reliable for production observability pipelines.

Technical Notes

Groups: 1=HTTP method, 2=path, 3=status code, 4=duration (optional). The pattern is flexible on surrounding key=value formatting to handle multiple log styles.

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern