SURICATA HTTP unable to match response to request

I’m seeing a lot of this alert. A google search seems to indicate that most people just suppress it. But I’m a bit curious about it. They appear to come from the libhtp parser generating that error, and I’m curious as to what would trigger it. Could it be not having enough memory allocated to keep track of all of the active connections, or something else? I seem to be seeing it a lot with traffic to and from our web proxies (although that is most of our web traffic).

I am running suricata 6.0.3 on pfSense.


Could you try to get a pcap example for that?