From f6c766112c9be5191c4872dea54cbcebaeb6a56e Mon Sep 17 00:00:00 2001 From: Ralph Broenink Date: Sat, 14 Oct 2017 12:09:31 +0200 Subject: [PATCH] doc: Minor changes in structuring of HTTP Keywords / Snort differences --- doc/userguide/rules/differences-from-snort.rst | 7 ------- doc/userguide/rules/http-keywords.rst | 18 ++++++------------ 2 files changed, 6 insertions(+), 19 deletions(-) diff --git a/doc/userguide/rules/differences-from-snort.rst b/doc/userguide/rules/differences-from-snort.rst index 5c26a0815e..d684c3117f 100644 --- a/doc/userguide/rules/differences-from-snort.rst +++ b/doc/userguide/rules/differences-from-snort.rst @@ -2,19 +2,12 @@ Differences From Snort ====================== -Overview --------- This document is intended to highlight the major differences between Suricata and Snort that apply to rules and rule writing. Where not specified, the statements below apply to Suricata. In general, references to Snort refer to the version 2.9 branch. -Contents --------- - -.. contents:: - Automatic Protocol Detection ---------------------------- diff --git a/doc/userguide/rules/http-keywords.rst b/doc/userguide/rules/http-keywords.rst index af6a38ec4f..f8c80f65a7 100644 --- a/doc/userguide/rules/http-keywords.rst +++ b/doc/userguide/rules/http-keywords.rst @@ -1,5 +1,3 @@ -:tocdepth: 2 - HTTP Keywords ============= .. role:: example-rule-emphasis @@ -22,7 +20,7 @@ refresher: alert http any any -> any any (http_response_line; content:"403 Forbidden"; sid:1;) -The following request keywords are available: +The following **request** keywords are available: ============================== ======================== ================== Keyword Sticky or Modifier Direction 
@@ -50,7 +48,7 @@ http_protocol Sticky Buffer Both http_header_names Sticky Buffer Both ============================== ======================== ================== -The following response keywords are available: +The following **response** keywords are available: ============================== ======================== ================== Keyword Sticky or Modifier Direction @@ -70,11 +68,12 @@ http_protocol Sticky Buffer Both http_header_names Sticky Buffer Both ============================== ======================== ================== +HTTP Primer +----------- It is important to understand the structure of HTTP requests and responses. A simple example of a HTTP request and response follows: -HTTP request ------------- +**HTTP request** :: @@ -86,8 +85,7 @@ HEAD, etc. The URI path is ``/index.html`` and the HTTP version is the versions 0.9, 1.0 and 1.1, 1.0 and 1.1 are the most commonly used today. -HTTP response -------------- +**HTTP response** :: @@ -178,10 +176,6 @@ Example of the purpose of ``http_uri``: .. image:: http-keywords/uri.png -Example of the purpose of ``http_raw_uri``: - -#.. image:: http-keywords/raw_uri.png - uricontent ----------
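Review bot: In doc/userguide/rules/differences-from-snort.rst (@@ -2,19 +2,12 @@), removing `.. contents::` together with the "Contents" heading takes away the page's in-page table of contents, and the commit message does not say what replaces it. If navigation is meant to come from the sidebar toctree, say so in the commit message; otherwise drop only the two headings and keep the directive, for example as `.. contents::` with the `:local:` option, so readers can still jump between the sections that follow "Automatic Protocol Detection".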
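Review bot: The first http-keywords.rst hunk (@@ -1,5 +1,3 @@) drops `:tocdepth: 2` with no explanation. That field limits how deep this file's headings appear in the generated table of contents, so removing it changes the rendered navigation and not only the source layout. State the intended depth in the commit message, or keep the field if the default depth is not what is wanted for a page with this many keyword sections.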
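Review bot: In the http-keywords.rst hunks at @@ -70,11 +68,12 @@ and @@ -86,8 +85,7 @@, turning the `HTTP request` and `HTTP response` section titles into bold paragraphs (`**HTTP request**`, `**HTTP response**`) removes their section anchors and takes them out of any table of contents, so existing links to those sections would stop resolving. Consider making them subsections of the new `HTTP Primer` section with a lower-level underline, or using `.. rubric::` if they are deliberately meant to stay out of the TOC. As a smaller style point, the added `-----------` underline runs straight into "It is important to understand"; a blank line between the title and the paragraph would make the source easier to read.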
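Review bot: The last http-keywords.rst hunk (@@ -178,10 +176,6 @@) deletes the `http_raw_uri` example lead-in along with the broken `#.. image:: http-keywords/raw_uri.png` line, which is a content removal that the subject "Minor changes in structuring" does not cover. The diffstat lists only the two .rst files, so if http-keywords/raw_uri.png exists in the tree it is now unreferenced; either remove the image in the same commit or restore the example with a working `.. image:: http-keywords/raw_uri.png` so that `http_raw_uri` keeps an illustration alongside the one for `http_uri`.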