From 3f146cdd7e965ef46a4c8ae1052151a57723a589 Mon Sep 17 00:00:00 2001
From: Travis Green <travis@travisgreen.net>
Date: Thu, 5 Sep 2019 11:33:55 -0700
Subject: [PATCH] doc: add endswith keyword docs

---
 doc/userguide/rules/payload-keywords.rst | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/doc/userguide/rules/payload-keywords.rst b/doc/userguide/rules/payload-keywords.rst
index 59f8d2d877..4cdf124d44 100644
--- a/doc/userguide/rules/payload-keywords.rst
+++ b/doc/userguide/rules/payload-keywords.rst
@@ -144,6 +144,24 @@ Example::
 ``startswith`` cannot be mixed with ``depth``, ``offset``, ``within`` or
 ``distance`` for the same pattern.
 
+endswith
+--------
+
+The ``endswith`` keyword is similar to ``isdataat:!1,relative;``. It takes no
+arguments and must follow a ``content`` keyword. It modifies the ``content`` to
+match exactly at the end of a buffer.
+
+Example::
+
+    content:".php"; endswith;
+
+``endswith`` is a short hand notation for::
+
+    content:".php"; isdatat:!1,relative;
+
+``endswith`` cannot be mixed with ``offset``, ``within`` or
+``distance`` for the same pattern.
+
 offset
 ------
 
-- 
2.47.2