diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst
index a88c075168..53cae61dd5 100644
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@@ -1194,11 +1194,17 @@ anomalies in streams. See :ref:`host-os-policy`.
 async_oneside: false # do not enable async stream handling
 inline: no # stream inline mode
 drop-invalid: yes # drop invalid packets
+ bypass: no
-The 'drop-invalid' option can be set to no to avoid blocking packets that are
+The ``drop-invalid`` option can be set to no to avoid blocking packets that are
 seen invalid by the streaming engine. This can be useful to cover some weird cases seen in some layer 2 IPS setup.
+The ``bypass`` option activates 'bypass' for a flow/session when either side
+of the session reaches its ``depth``.
+
+.. warning:: ``bypass`` can lead to missing important traffic. Use with care.
+
 **Example 11 Normal/IDS mode**
 Suricata inspects traffic in chunks.
diff --git a/suricata.yaml.in b/suricata.yaml.in
index a8284a2884..75c61ce9f7 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -1303,7 +1303,9 @@ flow-timeouts:
 # inline: no # stream inline mode
 # drop-invalid: yes # in inline mode, drop packets that are invalid with regards to streaming engine
 # max-synack-queued: 5 # Max different SYN/ACKs to queue
-# bypass: no # Bypass packets when stream.depth is reached
+# bypass: no # Bypass packets when stream.depth is reached.
+# # Warning: first side to reach this triggers
+# # the bypass.
 #
 # reassembly:
 # memcap: 64mb # Can be specified in kb, mb, gb. Just a number
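Review bot: The warning added to the `bypass` comment in suricata.yaml.in says which side triggers the bypass but not what is lost, and an operator reading only the config file will not see the user-guide warning. Once one direction reaches the depth the flow is bypassed — judging by the guide's "for a flow/session" wording that covers both directions — so the remainder of the session is no longer inspected. I would spell that out, e.g. `# Warning: the first side to reach the depth bypasses the whole flow; later traffic in either direction is not inspected.` The comment also says `stream.depth`, while the depth key sits under `reassembly` (`stream.reassembly.depth`), so naming it exactly would avoid a search. The commented `stream` block starts above this hunk and continues below it.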