http2: document HTTP1 keywords enabling 6344/head
authorPhilippe Antoine <contact@catenacyber.fr>
Mon, 5 Jul 2021 07:40:23 +0000 (09:40 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 6 Sep 2021 10:36:37 +0000 (12:36 +0200)
For HTTP signatures to match on HTTP2 traffic if the configuration
option app-layer.protocols.http2.http1-rules is enabled

doc/userguide/configuration/suricata-yaml.rst
suricata.yaml.in

index a4fcd75fc0c65d7e6feeac1074f97715a7aa650d..02d7f8e06e89984705f3d9649a999bc8b28b1a9a 100644 (file)
@@ -1387,6 +1387,13 @@ the app-layer event ``http.compression_bomb`` is set
 (this event can also set from other conditions).
 This can happen on slow configurations (hardware, ASAN, etc...)
 
+HTTP2
+-----
+
+HTTP keywords can be enabled to match on HTTP1 traffic.
+To do so, you should set ``app-layer.protocols.http2.http1-rules``.
+In this case, you cannot have HTTP1-only rules.
+
 Configure SMB (Rust)
 ~~~~~~~~~~~~~~~~~~~~
 
index 0148c178aa2014a23ee869f67dd021833eacd50a..8b4e123d39a28168ee8abe8e820483b10185c1aa 100644 (file)
@@ -766,6 +766,8 @@ app-layer:
     # HTTP2: Experimental HTTP 2 support. Disabled by default.
     http2:
       enabled: no
+      # use http keywords on HTTP2 traffic
+      http1-rules: no
     smtp:
       enabled: yes
       raw-extraction: no
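Review bot: The comment added above `http1-rules: no` does not say what enabling the option costs the rule writer. The userguide text in this same commit states that with the option set there can be no HTTP1-only rules, so existing HTTP signatures would presumably also be evaluated against HTTP2 flows, which changes detection coverage and false-positive behaviour. I would put that next to the switch, e.g. `# use http keywords on HTTP2 traffic; when enabled, HTTP rules can no longer be HTTP1-only`. The userguide sentence also says the keywords match on "HTTP1 traffic", whereas this comment and the commit message say HTTP2 traffic, so the two should be reconciled.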