1 files changed, 33 insertions, 6 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 89e063f..91e085c 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -81,6 +81,24 @@ This configuration variable contains parameters that are used by multiple featur
 - ``cookie_env_var``: A environment variable used as part of cookies encryption.
  See the :ref:`relevant documentation <config_cookie-encryption>`
+log_media
+^^^^^^^^^
+This configuration variable allows to specify how logs should be written,
+either via ``php`` or ``syslog``.
+::
+  sp.log_media("php");
+  sp.log_media("syslog");
+The default value for ``sp.log_media`` is ``php``, to respect the `principle of
+least astonishment
+<https://en.wikipedia.org/wiki/Principle_of_least_astonishment>`__. But since
+it's `possible to modify php's logging system via php
+<https://www.php.net/manual/en/errorfunc.configuration.php>`__, it's
+heavily recommended to use the ``syslog`` option instead.
 Bugclass-killer features
 ------------------------
@@ -181,8 +199,8 @@ argument and various information about it in the environment:
 This feature can be used, for example, to check if an uploaded file contains php
 code, using `vld <https://derickrethans.nl/projects.html#vld>`_,
-via `a python script <https://github.com/nbs-system/snuffleupagus/tree/master/scripts/upload_validation.py>`__,
+via `a python script <https://github.com/jvoisin/snuffleupagus/tree/master/scripts/upload_validation.py>`__,
-or `a php one <https://github.com/nbs-system/snuffleupagus/tree/master/scripts/upload_validation.php>`__.
+or `a php one <https://github.com/jvoisin/snuffleupagus/tree/master/scripts/upload_validation.php>`__.
 The upload will be **allowed** if the script returns the value ``0``. Every other
 value will prevent the file from being uploaded.
@@ -236,8 +254,11 @@ blacklisted, it'll be allowed.
 Virtual-patching
 ----------------
-Snuffleupagus provides virtual-patching via the ``disable_function`` directive, allowing you to stop or control dangerous behaviours.
+Snuffleupagus provides virtual-patching via the ``disable_function`` directive,
-In the situation where you have a call to ``system()`` that lacks proper user-input validation, this could cause issues as it would lead to an **RCE**. The virtual-patching would allow this to be prevented.
+allowing you to stop or control dangerous behaviours.  In the situation where
+you have a call to ``system()`` that lacks proper user-input validation, this
+could cause issues as it would lead to an **RCE**. The virtual-patching would
+allow this to be prevented.
 ::
   
@@ -287,8 +308,14 @@ The ``type`` must be one of the following values:
 Actions
 ^^^^^^^
+Every rule *must* have one action.
 - ``allow()``: **allow** the request if the rule matches
 - ``drop()``: **drop** the request if the rule matches
+Modifications
+^^^^^^^^^^^^^
 - ``dump(directory)``: dump the request in the ``directory`` if it matches the rule
 - ``simulation()``: enabled the simulation mode
@@ -324,7 +351,7 @@ For clarity, the presence of the ``allow`` or ``drop`` action is **mandatory**.
  because it'll match the deny first.
 If you're paranoid, we're providing a `php script
-<https://github.com/nbs-system/snuffleupagus/blob/master/scripts/generate_rules.php>`__
+<https://github.com/jvoisin/snuffleupagus/blob/master/scripts/generate_rules.php>`__
 to automatically generate hash of files containing dangerous functions, and
 blacklisting them everywhere else.
@@ -340,7 +367,7 @@ It's currently not possible to:
  things like this, odds are that you're doing something wrong anyway.
 - Hooks on ``echo`` and on ``print`` are equivalent: there is no way to hook one
  without hooking the other, at least
-  `for now <https://github.com/nbs-system/snuffleupagus/issues/190>`__).
+  `for now <https://github.com/jvoisin/snuffleupagus/issues/190>`__).
  This is why hooked ``print`` will be displayed as ``echo`` in the logs.
 - Hook `strlen`, since in latest PHP versions, this function is usually
  optimized away by the compiled.