diff --git a/scenarios/crowdsecurity/http-generic-bf.yaml b/scenarios/crowdsecurity/http-generic-bf.yaml
index b3ca1cd46c2..9780440b8f1 100644
--- a/scenarios/crowdsecurity/http-generic-bf.yaml
+++ b/scenarios/crowdsecurity/http-generic-bf.yaml
@@ -23,7 +23,7 @@ type: leaky
 #debug: true
 name: LePresidente/http-generic-401-bf
 description: "Detect generic 401 Authorization error brute force"
-filter: "evt.Meta.log_type == 'http_access-log' && evt.Meta.http_status == '401' && evt.Meta.sub_type != 'auth_fail'"
+filter: "evt.Meta.log_type == 'http_access-log' && evt.Meta.http_status == '401' && evt.Meta.sub_type != 'auth_fail' && evt.Parsed.verb not in ['OPTIONS', 'PROPFIND', 'REPORT']"
 groupby: evt.Meta.source_ip
 capacity: 5
 leakspeed: "10s"
@@ -43,7 +43,7 @@ type: leaky
 #debug: true
 name: LePresidente/http-generic-403-bf
 description: "Detect generic 403 Forbidden (Authorization) error brute force"
-filter: "evt.Meta.log_type == 'http_access-log' && evt.Meta.http_status == '403' && evt.Meta.sub_type != 'auth_fail'"
+filter: "evt.Meta.log_type == 'http_access-log' && evt.Meta.http_status == '403' && evt.Meta.sub_type != 'auth_fail' && evt.Parsed.verb not in ['OPTIONS', 'PROPFIND', 'REPORT']"
 groupby: evt.Meta.source_ip
 capacity: 5
 leakspeed: "10s"
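Review bot: Dropping PROPFIND and REPORT from the 401 filter opens a detection gap: an attacker brute-forcing credentials against a WebDAV/CalDAV endpoint only has to send the guesses as PROPFIND instead of GET and this scenario never counts them. The exclusion is presumably meant to silence the legitimate unauthenticated first request that WebDAV clients make before retrying with credentials, but the filter cannot distinguish that challenge round-trip from a failed guess, so the whole verb is whitelisted. If the parser exposes whether the request carried credentials, restricting the exclusion to the no-credential case would keep the false-positive fix without the blind spot; if it does not, the trade-off should at least be recorded next to the filter, e.g. `# OPTIONS/PROPFIND/REPORT are excluded because WebDAV/CalDAV clients and CORS preflights legitimately receive 401 before authenticating — note brute force sent over these verbs is NOT counted here`. The 401 scenario document starts before this hunk.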
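Review bot: The 403 scenario now carries an identical hard-coded verb list with no comment, so the two exclusions will drift apart silently the next time one is tuned, and a reader cannot tell whether skipping PROPFIND/REPORT on 403 is deliberate (OPTIONS for CORS preflight is self-explanatory; the WebDAV verbs on a Forbidden response are not). Since YAML anchors do not survive the `---` document boundary, a shared list is not available; the practical fix is a one-line comment above each filter naming the sibling scenario that must stay in sync, e.g. `# keep verb exclusions in sync with http-generic-401-bf above`. The 403 scenario document starts before this hunk.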