Configure Suricata as IPS to prevent host from SYN Flood

This can’t be done in a single rule; instead, you’ll need an alert rule that matches on the SYN pkts and then a rate_filter threshold rule (in threshold.config) that dynamically changes it to a drop rule: https://suricata.readthedocs.io/en/suricata-5.0.3/configuration/global-thresholds.html#rate-filter

See also Rules - limiting traffic to a specific time

The http protocol shouldn’t be used in such a rule btw; in a SYN packet we normally don’t know what the protocol will be yet.

2 Likes
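The two-part setup described in the reply above, as an added example that is not part of the original post: an alert rule on SYN packets plus a rate_filter entry that switches it to drop once a source exceeds a rate. The sid, the count/seconds/timeout values and the use of $HOME_NET are constructed assumptions to be tuned for the protected host.

```conf
# --- local.rules (hypothetical rules file name) ---
# Match bare SYN packets to the protected network. The rule protocol is tcp,
# not http: the application protocol is not known yet on a SYN.
alert tcp any any -> $HOME_NET any (msg:"LOCAL inbound TCP SYN"; flags:S; sid:1000001; rev:1;)

# --- threshold.config ---
# When one source triggers sid 1000001 more than 100 times in 10 seconds,
# change the rule's action from alert to drop for that source for 60 seconds.
# After the timeout the rule reverts to alert.
rate_filter gen_id 1, sig_id 1000001, track by_src, count 100, seconds 10, new_action drop, timeout 60

# Optional: keep the alert log readable while the rule fires on every SYN
# by logging at most one alert per source per 60 seconds.
threshold gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60
```

The drop action only blocks traffic when Suricata runs inline in IPS mode; in IDS mode the packets are still forwarded.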