From: Philippe Antoine <contact@catenacyber.fr>
Date: Mon, 5 Jul 2021 07:40:23 +0000 (+0200)
Subject: http2: document HTTP1 keywords enabling
X-Git-Tag: suricata-6.0.4~79
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F6344%2Fhead;p=thirdparty%2Fsuricata.git

http2: document HTTP1 keywords enabling

For HTTP signatures to match on HTTP2 traffic if configure
option app-layer.protocols.http2.http1-rules is enabled
---

diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index a4fcd75fc0..02d7f8e06e 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1387,6 +1387,13 @@ the app-layer event ``http.compression_bomb`` is set
 (this event can also set from other conditions).
 This can happen on slow configurations (hardware, ASAN, etc...)
 
+HTTP2
+-----
+
+HTTP keywords can be enabled to match on HTTP1 traffic.
+To do so, you should set ``app-layer.protocols.http2.http1-rules``.
+In this case, you cannot have HTTP1-only rules.
+
 Configure SMB (Rust)
 ~~~~~~~~~~~~~~~~~~~~
 
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 0148c178aa..8b4e123d39 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -766,6 +766,8 @@ app-layer:
     # HTTP2: Experimental HTTP 2 support. Disabled by default.
     http2:
       enabled: no
+      # use http keywords on HTTP2 traffic
+      http1-rules: no
     smtp:
       enabled: yes
       raw-extraction: no