diff --git a/regex-assembly/934130.ra b/regex-assembly/934130.ra
new file mode 100644
index 0000000000..dacf8fb2c0
--- /dev/null
+++ b/regex-assembly/934130.ra
@@ -0,0 +1,7 @@
+##! Please refer to the documentation at
+##! https://coreruleset.org/docs/development/regex_assembly/.
+
+
+
+__proto__
+constructor\s*(?:\.|\]?\[)\s*prototype
diff --git a/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf b/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
index 2d6759edc6..e8fb5158e3 100644
--- a/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
+++ b/rules/REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
@@ -150,7 +150,7 @@ SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|REQUEST_FILENAME|ARGS_NAMES|ARGS|X
 #
 # Note: only server-based (not DOM-based) attacks are covered here.
 
-SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx (?:__proto__|constructor\s*(?:\.|\]?\[)\s*prototype)" \
+SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* "@rx __proto__|constructor[\s\x0b]*(?:\.|\]?\[)[\s\x0b]*prototype" \
     "id:934130,\
     phase:2,\
     block,\