The rule without de http_uri modifier matches if i remove the content: "../" option. It makes sense since the string "../" doesn't appear in the packet, but why do the rule alerts when the http_uri modifier is on it?