Suricata

The idea is that pcre could be used to capture a substring (just 1 I suppose) to pass for inspection or further transformation.

Artificial example:

http.request_line; pcrexform:"/[A-z]+\s+(.*)\s+HTTP/"; content:"/index.html";

Here the requestline would be passed in, pcrexform would capture the URI in substring and replace the buffer with its value. Then the content would match on that.