doc/userguide: fix base64 example

Add a sticky buffer example and fix the content modifier one.

diff --git a/doc/userguide/rules/base64-keywords.rst b/doc/userguide/rules/base64-keywords.rst
index 178fbe74d12ea066ed96326bacd3da5c7eea9224..350fc236c0746bf702f17c7a9e2ed260e622344a 100644 (file)
--- a/doc/userguide/rules/base64-keywords.rst
+++ b/doc/userguide/rules/base64-keywords.rst
@@ -47,5 +47,14 @@ Example::
     http_uri = "GET /en/somestring&dGVzdAo=&not_base64"
 
     Rule:
-    alert http any any -> any any (msg:"Example"; content:"somestring"; base64_decode:bytes 8, offset 1, relative; \
-        http_uri; base64_content; content:"test"; sid:10001; rev:1;)
+    alert http any any -> any any (msg:"Example"; http.uri; content:"somestring"; \
+         base64_decode:bytes 8, offset 1, relative; \
+         base64_data; content:"test"; sid:10001; rev:1;)
+
+    Buffer content:
+    http_uri = "GET /en/somestring&dGVzdAo=&not_base64"
+
+    Rule:
+    alert http any any -> any any (msg:"Example"; content:"somestring"; http_uri; \
+         base64_decode:bytes 8, offset 1, relative; \
+         base64_data; content:"test"; sid:10001; rev:1;)