diff --git a/src/test/fuzz/http_request.cpp b/src/test/fuzz/http_request.cpp
--- a/src/test/fuzz/http_request.cpp
+++ b/src/test/fuzz/http_request.cpp
@@ -4,6 +4,7 @@
 #include
 #include
+#include
 #include
 #include
@@ -51,7 +52,19 @@
 const std::vector http_buffer = ConsumeRandomLengthByteVector(fuzzed_data_provider, 4096);
 evbuffer_add(evbuf, http_buffer.data(), http_buffer.size());
- if (evhttp_parse_firstline_(evreq, evbuf) != 1 ||
+ // Avoid constructing requests that will be interpreted by libevent as PROXY
+ // requests to avoid triggering a nullptr dereference. The dereference
+ // (req->evcon->http_server) takes place in evhttp_parse_request_line and is
+ // a consequence of our hacky but necessary use of the internal function
+ // evhttp_parse_firstline_ in this fuzzing harness. The workaround is not
+ // aesthetically pleasing, but it successfully avoids the troublesome code
+ // path. " http:// HTTP/1.1\n" was a crashing input prior to this
+ // workaround.
+ const std::string http_buffer_str =
+ ToLower({http_buffer.begin(), http_buffer.end()});
+ if (http_buffer_str.find(" http://") != std::string::npos ||
+ http_buffer_str.find(" https://") != std::string::npos ||
+ evhttp_parse_firstline_(evreq, evbuf) != 1 ||
 evhttp_parse_headers_(evreq, evbuf) != 1) {
 evbuffer_free(evbuf);
 evhttp_request_free(evreq);
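Review bot: The PROXY-request guard on the new `http_buffer_str.find(" http://")` / `find(" https://")` lines scans the entire fuzz buffer rather than only the request line, so any input whose headers carry an absolute URL (a `Referer:` or `Location:` value, for example) is now dropped before `evhttp_parse_headers_` ever runs, and header-parsing coverage is lost for precisely the inputs a fuzzer will produce once it learns those scheme strings. Since the comment places the dereference in evhttp_parse_request_line, which only sees the first line, narrowing the check to that line should keep the crash avoided while preserving header coverage: `const std::string request_line = http_buffer_str.substr(0, http_buffer_str.find('\n'));` and then `request_line.find(" http://")` / `request_line.find(" https://")` in the two conditions. How libevent's line reader terminates the first line is not visible here, so confirm against evhttp_parse_firstline_ that a bare `\n` (with or without a preceding `\r`) is the only terminator before narrowing. The enclosing fuzz target continues past the end of the hunk.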