diff --git a/src/detect.c b/src/detect.c
index 3b8ee921c5..b034d86551 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1610,10 +1610,7 @@ static void DetectFlow(ThreadVars *tv,
 DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
 Packet *p)
 {
- /* No need to perform any detection on this packet, if the the given flag is set.*/
- if ((p->flags & PKT_NOPACKET_INSPECTION) ||
- (PACKET_TEST_ACTION(p, ACTION_DROP)))
- {
+ if (p->flags & PKT_NOPACKET_INSPECTION) {
 /* hack: if we are in pass the entire flow mode, we need to still
 * update the inspect_id forward. So test for the condition here,
 * and call the update code if necessary. */
@@ -1629,6 +1626,8 @@ static void DetectFlow(ThreadVars *tv,
 flags = FlowGetDisruptionFlags(p->flow, flags);
 DeStateUpdateInspectTransactionId(p->flow, flags, true);
 }
+ SCLogDebug("p->pcap %"PRIu64": no detection on packet, "
+ "PKT_NOPACKET_INSPECTION is set", p->pcap_cnt);
 return;
 }
diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index 46f53740f7..aea3ff152b 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -4739,6 +4739,10 @@ error:
 }
 if (StreamTcpInlineDropInvalid()) {
+ /* disable payload inspection as we're dropping this packet
+ * anyway. Doesn't disable all detection, so we can still
+ * match on the stream event that was set. */
+ DecodeSetNoPayloadInspectionFlag(p);
 PACKET_DROP(p);
 }
 SCReturnInt(-1);
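Review bot: With the `PACKET_TEST_ACTION(p, ACTION_DROP)` test gone from the guard at the top of DetectFlow, every packet marked for drop before detection is now inspected unless its producer also sets `PKT_NOPACKET_INSPECTION`. This diff adjusts only one such producer, the `error:` path in src/stream-tcp.c, and there it limits payload inspection only. Other code that drops packets ahead of detection is not visible here and should be audited, so that a burst of invalid traffic in inline mode does not cost a full detection pass for every packet that is discarded anyway. The removed comment was the only explanation of this guard; I would replace it with `/* Dropped packets are still inspected so rules can match on events set before the drop; set PKT_NOPACKET_INSPECTION to skip detection entirely. */`. DetectFlow's body continues outside the hunk.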
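Review bot: `DecodeSetNoPayloadInspectionFlag(p)` restricts only payload inspection, so the remaining rule types still run on a packet that `PACKET_DROP(p)` marks as dropped on the next line. The new comment does not say what a match by one of those rules means for the verdict. These lines do not show whether a rule action applied during detection can alter the drop decision; that should be confirmed and the result recorded in the comment, for example `* The drop set below must stay in effect whatever rules match on this packet.`. The enclosing function starts outside the hunk, so how `p` reaches the `error:` label cannot be checked from here.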