From deb761367df0f98f00d35abce6cd1a6a8d0b32dd Mon Sep 17 00:00:00 2001
From: James <sudosev@protonmail.ch>
Date: Sun, 7 Jul 2024 18:43:02 +0100
Subject: [PATCH] doc: Update bypass docs to use new keyword format

Ticket: #7143

Update documentation to reflect new sticky buffer keyword format
---
 doc/userguide/rules/bypass-keyword.rst | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/doc/userguide/rules/bypass-keyword.rst b/doc/userguide/rules/bypass-keyword.rst
index e5505a68dd..86525a8480 100644
--- a/doc/userguide/rules/bypass-keyword.rst
+++ b/doc/userguide/rules/bypass-keyword.rst
@@ -1,19 +1,23 @@
 Bypass Keyword
 ==============
 
-Suricata has a ``bypass`` keyword that can be used in signatures to exclude traffic from further evaluation.
+.. role:: example-rule-emphasis
 
-The ``bypass`` keyword is useful in cases where there is a large flow expected (e.g. Netflix, Spotify, YouTube).
+Suricata has a ``bypass`` keyword that can be used in signatures to exclude
+traffic from further evaluation.
 
-The ``bypass`` keyword is considered a post-match keyword.
+The ``bypass`` keyword is useful in cases where there is a large flow expected
+(e.g. Netflix, Spotify, YouTube).
 
+The ``bypass`` keyword is considered a post-match keyword.
 
 bypass
 ------
 
 Bypass a flow on matching http traffic.
 
-Example::
+.. container:: example-rule
 
-  alert http any any -> any any (content:"suricata.io"; \
-      http_host; bypass; sid:10001; rev:1;)
+  alert http any any -> any any (http.host; \
+  content:"suricata.io"; :example-rule-emphasis:`bypass;` \
+  sid:10001; rev:1;)
-- 
2.47.2