diff --git a/src/detect-dce-iface.c b/src/detect-dce-iface.c
index 86dca5009c..ba43b267e3 100644
--- a/src/detect-dce-iface.c
+++ b/src/detect-dce-iface.c
@@ -338,6 +338,12 @@ static int DetectDceIfaceSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
 SigMatchAppendAppLayer(s, sm);
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
+ s->alproto = ALPROTO_DCERPC;
 return 0;
 error:
diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c
index dafdb117b3..86d2f1cdb8 100644
--- a/src/detect-dce-opnum.c
+++ b/src/detect-dce-opnum.c
@@ -293,6 +293,12 @@ static int DetectDceOpnumSetup(DetectEngineCtx *de_ctx, Signature *s, char *arg)
 SigMatchAppendAppLayer(s, sm);
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
+ s->alproto = ALPROTO_DCERPC;
 return 0;
 error:
diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c
index 4b6c85e7f7..55456ca51b 100644
--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@@ -100,6 +100,12 @@ static int DetectDceStubDataSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
 SigMatchAppendAppLayer(s, sm);
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_DCERPC) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
+ s->alproto = ALPROTO_DCERPC;
 return 0;
 error:
diff --git a/src/detect-ftpbounce.c b/src/detect-ftpbounce.c
index ad8e493754..4147cef375 100644
--- a/src/detect-ftpbounce.c
+++ b/src/detect-ftpbounce.c
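Review bot: The protocol-conflict check in DetectDceIfaceSetup sits after `SigMatchAppendAppLayer(s, sm);`, so when `goto error` runs `sm` is already linked into the signature. This function's `error:` body is outside the hunk, but the detect-ftpbounce.c hunk in this commit shows its label calling `SigMatchFree(sm)` on the just-appended match, which would leave the signature holding a freed pointer and risks a double free when the rejected signature is torn down. Testing `s->alproto` before the match is allocated and appended avoids this. The same ordering appears in the detect-dce-opnum.c, detect-dce-stub-data.c, detect-ftpbounce.c and detect-tls-version.c hunks, and the three HTTP hunks (detect-http-cookie.c, detect-http-method.c, detect-uricontent.c) likewise run the check last, after `s->flags |= SIG_FLAG_APPLAYER;`.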
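Review bot: The `SCLogError` text `"rule contains conflicting keywords."` in DetectDceOpnumSetup does not say which keyword was rejected or which protocol the rule was already pinned to, so someone loading a large ruleset gets little to act on. Naming the keyword would help, for example `"dce_opnum conflicts with a keyword for another app-layer protocol"`. The identical five-line block is pasted into all eight setup hunks of this commit; a shared helper that takes the required protocol and the keyword name would keep the check and its message consistent.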
@@ -224,17 +224,17 @@ int DetectFtpbounceMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx,
 */
 int DetectFtpbounceSetup(DetectEngineCtx *de_ctx, Signature *s, char *ftpbouncestr)
 {
+ SCEnter();
+
 SigMatch *sm = NULL;
 sm = SigMatchAlloc();
- if (sm == NULL)
- return -1;
+ if (sm == NULL) {
+ goto error;;
+ }
 sm->type = DETECT_FTPBOUNCE;
-// if (s != NULL)
-// s->flags |= SIG_FLAG_APPLAYER;
-
 /* We don't need to allocate any data for ftpbounce here.
 *
 * TODO: As a suggestion, maybe we can add a flag in the flow
@@ -247,7 +247,20 @@ int DetectFtpbounceSetup(DetectEngineCtx *de_ctx, Signature *s, char *ftpbounces
 sm->ctx = NULL;
 SigMatchAppendAppLayer(s, sm);
- return 0;
+
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_FTP) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
+ s->alproto = ALPROTO_FTP;
+ SCReturnInt(0);
+
+error:
+ if (sm != NULL) {
+ SigMatchFree(sm);
+ }
+ SCReturnInt(-1);
 }
 #ifdef UNITTESTS
diff --git a/src/detect-http-cookie.c b/src/detect-http-cookie.c
index a2410dcfbc..bbaed13f0d 100644
--- a/src/detect-http-cookie.c
+++ b/src/detect-http-cookie.c
@@ -218,6 +218,12 @@ static int DetectHttpCookieSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
 /* Flagged the signature as to inspect the app layer data */
 s->flags |= SIG_FLAG_APPLAYER;
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
+ s->alproto = ALPROTO_HTTP;
 return 0;
 error:
 if (hd != NULL) {
diff --git a/src/detect-http-method.c b/src/detect-http-method.c
index 49a5b0b9b8..a560ed6999 100644
--- a/src/detect-http-method.c
+++ b/src/detect-http-method.c
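Review bot: `goto error;;` in the SigMatchAlloc failure branch of DetectFtpbounceSetup (first detect-ftpbounce.c hunk) carries a doubled semicolon; it compiles as a harmless empty statement but should read `goto error;`. The context line `SigMatch *sm = NULL;` followed directly by `sm = SigMatchAlloc();` could also become a single initialisation, `SigMatch *sm = SigMatchAlloc();`, since nothing jumps to the new `error:` label before the allocation.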
@@ -205,6 +205,12 @@ static int DetectHttpMethodSetup(DetectEngineCtx *de_ctx, Signature *s, char *st
 /* Flagged the signature as to inspect the app layer data */
 s->flags |= SIG_FLAG_APPLAYER;
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
+ s->alproto = ALPROTO_HTTP;
 SCReturnInt(0);
 error:
diff --git a/src/detect-tls-version.c b/src/detect-tls-version.c
index eaa04fade5..f8cae376ed 100644
--- a/src/detect-tls-version.c
+++ b/src/detect-tls-version.c
@@ -224,6 +224,13 @@ static int DetectTlsVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *s
 sm->ctx = (void *)tls;
 SigMatchAppendAppLayer(s, sm);
+
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
+ s->alproto = ALPROTO_TLS;
 return 0;
 error:
diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c
index c09ff015f8..6e4f73ea47 100644
--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@@ -247,6 +247,12 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
 /* Flagged the signature as to inspect the app layer data */
 s->flags |= SIG_FLAG_APPLAYER;
+ if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
+ SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
+ goto error;
+ }
+
+ s->alproto = ALPROTO_HTTP;
 SCReturnInt(0);
 error:
diff --git a/src/detect.c b/src/detect.c
index fa5d2e0659..62d80ceab4 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -83,6 +83,7 @@
 #include "util-rule-vars.h"
 #include "app-layer.h"
+#include "app-layer-protos.h"
 #include "app-layer-htp.h"
 #include "detect-tls-version.h"
@@ -110,7 +111,6 @@
 #include "util-cuda.h"
 SigMatch *SigMatchAlloc(void);
-void SigMatchFree(SigMatch *sm);
 void DetectExitPrintStats(ThreadVars *tv, void *data);
 void DbgPrintSigs(DetectEngineCtx *, SigGroupHead *);
@@ -604,6 +604,13 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 continue;
 }
+ /* if the sig has alproto and the session as well they should match */
+ if (s->alproto != ALPROTO_UNKNOWN && alproto != ALPROTO_UNKNOWN) {
+ if (s->alproto != alproto) {
+ continue;
+ }
+ }
+
 /* check the source & dst port in the sig */
 if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) {
 if (!(s->flags & SIG_FLAG_DP_ANY)) {
diff --git a/src/detect.h b/src/detect.h
index 9d527d09ee..2b90f75614 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -578,6 +578,7 @@ SigTableElmt sigmatch_table[DETECT_TBLSIZE];
 /* detection api */
 SigMatch *SigMatchAlloc(void);
+void SigMatchFree(SigMatch *sm);
 void SigCleanSignatures(DetectEngineCtx *);
 void SigTableRegisterTests(void);
diff --git a/src/util-error.c b/src/util-error.c
index 86595c5067..4b44b24c70 100644
--- a/src/util-error.c
+++ b/src/util-error.c
@@ -118,6 +118,7 @@ const char * SCErrorToString(SCError err)
 CASE_CODE (SC_ERR_B2G_CUDA_ERROR);
 CASE_CODE (SC_ERR_INVALID_YAML_CONF_ENTRY);
 CASE_CODE (SC_ERR_TMQ_ALREADY_REGISTERED);
+ CASE_CODE (SC_ERR_CONFLICTING_RULE_KEYWORDS);
 default:
 return "UNKNOWN_ERROR";
 }
diff --git a/src/util-error.h b/src/util-error.h
index bfb31dcbb5..d74ad87fd2 100644
--- a/src/util-error.h
+++ b/src/util-error.h
@@ -135,6 +135,7 @@ typedef enum {
 SC_ERR_B2G_CUDA_ERROR,
 SC_ERR_INVALID_YAML_CONF_ENTRY,
 SC_ERR_TMQ_ALREADY_REGISTERED,
+ SC_ERR_CONFLICTING_RULE_KEYWORDS,
 } SCError;
 const char *SCErrorToString(SCError);
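Review bot: The comment on the new check in the SigMatchSignatures hunk of src/detect.c leaves out the two cases a rule writer will ask about: a flow whose protocol is still `ALPROTO_UNKNOWN` continues to be inspected, while a detected mismatch skips the whole signature, including any packet-level matches it carries. Because the setup hunks in this commit pin `s->alproto` as a side effect of keywords such as uricontent, coverage for those rules now depends on how accurately the flow's protocol was identified, and that is worth stating at this point in the code. I would expand the comment to something like `/* skip sigs pinned to a different app-layer protocol; flows with no detected protocol yet are still inspected */`, and the nested `if` can be folded into a single condition. `alproto` is assigned outside the hunk, so how it is derived is not visible here.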