doc: add file.name information to http keyword doc

Signed-off-by: jason taylor <jtfas90@gmail.com>

diff --git a/doc/userguide/rules/http-keywords.rst b/doc/userguide/rules/http-keywords.rst
index 0c0f652ad397ed781a41f19d3066d3c2dc4c02f4..ba0d7621f3395084cbd64c6fbc88a4834ec8a7a7 100644 (file)
--- a/doc/userguide/rules/http-keywords.rst
+++ b/doc/userguide/rules/http-keywords.rst
@@ -44,6 +44,7 @@ http.accept_enc                http_accept_enc (*)      Request
 http.referer                   http_referer (*)         Request
 http.connection                http_connection (*)      Both
 file.data                      file_data (*)            Both
+file.name                      filename (*)             Request
 http.content_type              http_content_type (*)    Both
 http.content_len               http_content_len (*)     Both
 http.start                     http_start (*)           Both
@@ -670,7 +671,6 @@ Example::
     alert http any any -> any any (flow:to_client; \
             http.location; content:"http://www.google.com"; sid:1;)
 
-
 http.host and http.host.raw
 ---------------------------
 
@@ -843,4 +843,16 @@ Notes
 Multiple Buffer Matching
 ~~~~~~~~~~~~~~~~~~~~~~~~
 
-``file.data`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
\ No newline at end of file
+``file.data`` supports multiple buffer matching, see :doc:`multi-buffer-matching`.
+
+file.name
+---------
+
+The ``file.name`` keyword can be used at the HTTP application level.
+
+Example::
+
+  alert http any any -> any any (msg:"http layer file.name keyword usage"; \
+  file.name; content:"picture.jpg"; classtype:bad-unknown; sid:1; rev:1;)
+
+For additional information on the ``file.name`` keyword, see :doc:`file-keywords`.
\ No newline at end of file