The connection monitor in MainWP is reporting that sites are down because requests are triggering OWASP rule 920170.
This is because a GET request from MainWP has a non-zero Content-Length header, which is invalid.
While it is possible to disable this rule, this leaves servers open to a range of attacks that the rule is designed to block. I haven’t logged the additional data (yet) but if it’s meaningful, perhaps a POST request would be more appropriate.