From: James <sudosev@protonmail.ch>
Date: Sun, 7 Jul 2024 17:43:02 +0000 (+0100)
Subject: doc: Update bypass docs to use new keyword format
X-Git-Tag: suricata-8.0.0-rc1~466
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=deb761367df0f98f00d35abce6cd1a6a8d0b32dd;p=thirdparty%2Fsuricata.git

doc: Update bypass docs to use new keyword format

Ticket: #7143

Update documentation to reflect new sticky buffer keyword format
---

diff --git a/doc/userguide/rules/bypass-keyword.rst b/doc/userguide/rules/bypass-keyword.rst
index e5505a68dd..86525a8480 100644
--- a/doc/userguide/rules/bypass-keyword.rst
+++ b/doc/userguide/rules/bypass-keyword.rst
@@ -1,19 +1,23 @@
 Bypass Keyword
 ==============
 
-Suricata has a ``bypass`` keyword that can be used in signatures to exclude traffic from further evaluation.
+.. role:: example-rule-emphasis
 
-The ``bypass`` keyword is useful in cases where there is a large flow expected (e.g. Netflix, Spotify, YouTube).
+Suricata has a ``bypass`` keyword that can be used in signatures to exclude
+traffic from further evaluation.
 
-The ``bypass`` keyword is considered a post-match keyword.
+The ``bypass`` keyword is useful in cases where there is a large flow expected
+(e.g. Netflix, Spotify, YouTube).
 
+The ``bypass`` keyword is considered a post-match keyword.
 
 bypass
 ------
 
 Bypass a flow on matching http traffic.
 
-Example::
+.. container:: example-rule
 
-  alert http any any -> any any (content:"suricata.io"; \
-      http_host; bypass; sid:10001; rev:1;)
+  alert http any any -> any any (http.host; \
+  content:"suricata.io"; :example-rule-emphasis:`bypass;` \
+  sid:10001; rev:1;)