diff --git a/config/config.default.js b/config/config.default.js
index 5b598e2d74..b5ab704cef 100644
--- a/config/config.default.js
+++ b/config/config.default.js
@@ -236,8 +236,15 @@ module.exports = appInfo => {
 depth: 5,
 parameterLimit: 1000,
 },
- onerror(err) {
+ onerror(err, ctx) {
 err.message += ', check bodyParser config';
+ if (ctx.status === 404) {
+ // set default status to 400, meaning client bad request
+ ctx.status = 400;
+ if (!err.status) {
+ err.status = 400;
+ }
+ }
 throw err;
 },
 };
diff --git a/test/app/middleware/body_parser.test.js b/test/app/middleware/body_parser.test.js
index c0a60dd433..04f37833ec 100644
--- a/test/app/middleware/body_parser.test.js
+++ b/test/app/middleware/body_parser.test.js
@@ -1,5 +1,3 @@
-'use strict';
-
 const assert = require('assert');
 const querystring = require('querystring');
 const utils = require('../../utils');
@@ -82,6 +80,24 @@ describe('test/app/middleware/body_parser.test.js', () => {
 .expect(413);
 });
 
+ it('should 400 when GET with invalid body', async () => {
+ app.mockCsrf();
+ await app.httpRequest()
+ .get('/test/body_parser/user')
+ .set('content-type', 'application/json')
+ .set('content-encoding', 'gzip')
+ .expect(/unexpected end of file, check bodyParser config/)
+ .expect(400);
+
+ await app.httpRequest()
+ .get('/test/body_parser/user')
+ .set('content-type', 'application/json')
+ .set('content-encoding', 'gzip')
+ .send({ foo: 'a'.repeat(1024) })
+ .expect(/incorrect header check, check bodyParser config/)
+ .expect(400);
+ });
+
 it('should disable body parser', async () => {
 app1 = utils.app('apps/body_parser_testapp_disable');
 await app1.ready();
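Review bot: The `err.status` default is nested inside `if (ctx.status === 404)` in the new `onerror(err, ctx)`, so a parse error that carries no status is still reported as a server error whenever something earlier has set `ctx.status` to another value. Whether that can happen before the body parser runs is not visible in this hunk. The branch also writes `ctx.status = 400` even when `err.status` already holds a different code (the test file expects 413 for oversized bodies), so the two statuses disagree until the error handler picks one. Consider defaulting the error independently with `if (!err.status) err.status = 400;`, and extending the comment to say why 404 is read as unset, e.g. `// 404 is Koa's initial status, i.e. nothing has responded yet`. The bodyParser config object that holds `onerror` starts above the hunk.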
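Review bot: Both new requests assert on decompressor message text (`/unexpected end of file, .../` and `/incorrect header check, .../`), which ties the test to the exact wording of the runtime's zlib errors. It also pins as expected behaviour that parser-internal error strings are returned in the response body. Matching only the suffix this project owns, `.expect(/check bodyParser config/)`, keeps the 400 check meaningful without depending on that wording. The case covers GET only; a POST with the same headers, and a request whose error already carries a status, would exercise the other paths of the config change. The enclosing `describe` block starts and ends outside the hunk.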