Merge in some doc changes.

Fix some doc formatting issues. Update the CHANGES file.
2025-08-14 13:56:01 +03:00 · 2007-08-02 20:40:37 +00:00 · 2007-08-02 20:40:37 +00:00 · b761c1c01c
commit b761c1c01c
parent 72832c1b32
2 changed files with 197 additions and 229 deletions
--- a/4
+++ b/4
@ -1,6 +1,10 @@
 ?? ??? 2007 - 2.5.0-trunk
 -------------------------
 * Cleaned up some documentation.
 * Performance improvements in caching transformations.
 * Stricter validation for @validateUtf8Encoding.
 * Capture the match in TX:0 when using "capture" action in phrase match
--- a/doc/modsecurity2-apache-reference.xml
+++ b/doc/modsecurity2-apache-reference.xml
@ -16,14 +16,14 @@
  <section id="01-introduction">
    <title>Introduction</title>
-    <para><trademark class="trade">ModSecurity</trademark>is a web application
+    <para><trademark class="trade">ModSecurity</trademark> is a web
-    firewall (WAF). With over 70% of all attacks now carried out over the web
+    application firewall (WAF). With over 70% of all attacks now carried out
-    application level, organisations need every help they can get in making
+    over the web application level, organisations need every help they can get
-    their systems secure. WAFs are deployed to establish an external security
+    in making their systems secure. WAFs are deployed to establish an external
-    layer that increases security, detects, and prevents attacks before they
+    security layer that increases security, detects, and prevents attacks
-    reach web applications. It provides protection from a range of attacks
+    before they reach web applications. It provides protection from a range of
-    against web applications and allows for HTTP traffic monitoring and
+    attacks against web applications and allows for HTTP traffic monitoring
-    real-time analysis with little or no changes to existing
+    and real-time analysis with little or no changes to existing
    infrastructure.</para>
    <section>
@ -198,7 +198,7 @@
      commented to allow it to be used as a step-by-step deployment guide for
      ModSecurity. The latest Core Rules can be found at the ModSecurity
      website - <ulink
-      url="???">http://www.modsecurity.org/projects/rules/</ulink>.</para>
+      url="http://www.modsecurity.org/projects/rules/">http://www.modsecurity.org/projects/rules/</ulink>.</para>
    </section>
    <section>
@ -433,11 +433,9 @@
      moreinfo="none">SecAction
      nolog,redirect:http://www.hostname.com</literal></para>
-      <para><emphasis role="bold"> <emphasis
+      <para><emphasis role="bold">ProcessingPhase:</emphasis> Any</para>
      role="bold">ProcessingPhase:</emphasis> </emphasis>Any</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> None</para>
@ -492,8 +490,7 @@
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Can be
      set/changed with the "ctl" action for the current transaction.</para>
@ -501,8 +498,8 @@
      <para>Example: The following example shows the various audit directives
      used together.</para>
-      <programlisting format="linespecific"><emphasis role="bold">SecAuditEngine RelevantOnly
+      <programlisting format="linespecific"><emphasis role="bold">SecAuditEngine RelevantOnly</emphasis> 
-</emphasis>SecAuditLog logs/audit/audit.log
+SecAuditLog logs/audit/audit.log
 SecAuditLogParts ABCFHZ
 SecAuditLogType concurrent
 SecAuditLogStorageDir logs/audit
@ -545,8 +542,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> This file is
      open on startup when the server typically still runs as<emphasis>
@ -582,8 +578,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> A main audit
      log must be defined via <literal moreinfo="none">SecAuditLog</literal>
@ -671,13 +666,12 @@ SecAuditLogStorageDir logs/audit
        <listitem>
          <para><literal moreinfo="none">I</literal> - This part is a
          replacement for part C. It will log the same data as C in all cases
-          except when<literal
+          except when<literal moreinfo="none">multipart/form-data</literal>
-          moreinfo="none">multipart/form-data</literal>encoding in used. In
+          encoding in used. In this case it will log a fake <literal
-          this case it will log a fake<literal moreinfo="none">
+          moreinfo="none"> application/x-www-form-urlencoded</literal> body
-          application/x-www-form-urlencoded</literal> body that contains the
+          that contains the information about parameters but not about the
-          information about parameters but not about the files. This is handy
+          files. This is handy if you don't want to have (often large) files
-          if you don't want to have (often large) files stored in your audit
+          stored in your audit logs.</para>
          logs.</para>
        </listitem>
        <listitem>
@ -708,8 +702,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Must have the
      SecAuditEngine set to RelevantOnly. The parameter is a regular
@ -740,8 +733,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis>
      SecAuditLogType must be set to Concurrent. The directory must already be
@ -767,8 +759,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Must specify
      SecAuditLogStorageDir if you use concurrent logging.</para>
@ -806,8 +797,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Main</para>
      </emphasis>Main</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> The internal
      chroot functionality provided by ModSecurity works great for simple
@ -853,8 +843,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> None</para>
@ -912,8 +901,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> None</para>
    </section>
@ -932,17 +920,15 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Levels
-      <literal moreinfo="none">1</literal>-<literal moreinfo="none">3
+      <literal moreinfo="none">1 - 3</literal> are always sent to the Apache
-      </literal>are always sent to the Apache error log. Therefore you can
+      error log. Therefore you can always use level <literal
-      always use level<literal moreinfo="none"> 0 </literal>as the default
+      moreinfo="none">0</literal> as the default logging level in production.
-      logging level in production. Level<literal moreinfo="none"> 5
+      Level <literal moreinfo="none">5</literal> is useful when debugging. It
-      </literal>is useful when debugging. It is not advisable to use higher
+      is not advisable to use higher logging levels in production as excessive
-      logging levels in production as excessive logging can slow down server
+      logging can slow down server significantly.</para>
      significantly.</para>
      <para>Possible values are:</para>
@ -997,8 +983,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> Any</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Rules
      following a SecDefaultAction directive will inherit this setting unless
@ -1030,8 +1015,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Check out
      www.maxmind.com for free database files.</para>
@ -1053,8 +1037,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Main</para>
      </emphasis>Main</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> By default
      httpd-guardian will defend against clients that send more 120 requests
@ -1168,8 +1151,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> This
      directive is required if you plan to inspect POST_PAYLOADS of requests.
@ -1207,8 +1189,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> 131072 KB
      (134217728 bytes) is the default setting. Anything over this limit will
@ -1231,8 +1212,7 @@ SecAuditLogStorageDir logs/audit
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> None</para>
@ -1256,8 +1236,7 @@ SecRequestBodyInMemoryLimit 131072</programlisting>
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Anything over
      this limit will be rejected with status code 500 Internal Server Error.
@ -1286,8 +1265,7 @@ SecResponseBodyLimit 524288</programlisting>
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis>
      Multiple<literal moreinfo="none"> SecResponseBodyMimeType</literal>
@ -1316,8 +1294,7 @@ SecResponseBodyLimit 524288</programlisting>
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> None</para>
    </section>
@ -1336,8 +1313,7 @@ SecResponseBodyLimit 524288</programlisting>
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> This
      directive is required if you plan to inspect html responses. This
@ -1375,8 +1351,7 @@ SecResponseBodyLimit 524288</programlisting>
      <para><emphasis role="bold">Processing Phase:</emphasis> Any</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> None</para>
@ -1424,8 +1399,8 @@ SecResponseBodyLimit 524288</programlisting>
        <para>In the simplest possible case you will use a regular expression
        pattern as the second rule parameter. This is what we've done in the
-        examples above. If you do this ModSecurity assumes you want to use
+        examples above. If you do this ModSecurity assumes you want to use the
-        the<literal moreinfo="none"> rx </literal>operator. You can explicitly
+        <literal moreinfo="none">rx</literal> operator. You can explicitly
        specify the operator you want to use by using <literal
        moreinfo="none">@</literal> as the first character in the second rule
        parameter:</para>
@ -1475,8 +1450,7 @@ SecResponseBodyLimit 524288</programlisting>
      <para><emphasis role="bold">Processing Phase:</emphasis> Any</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis>
      Resource-specific contexts (e.g.<literal moreinfo="none">
@ -1508,8 +1482,7 @@ SecDefaultAction log,deny,phase:1,redirect:http://www.site2.com
 &lt;VirtualHost *:80&gt; 
 ServerName app2.com 
 ServerAlias www.app2.com
-<emphasis role="bold">SecRuleInheritance On
+<emphasis role="bold">SecRuleInheritance On</emphasis> SecRule ARGS "attack" 
 </emphasis>SecRule ARGS "attack" 
 ... 
 &lt;/VirtualHost&gt;</programlisting>
@ -1542,8 +1515,7 @@ ServerAlias www.app2.com
      <para><emphasis role="bold">Processing Phase:</emphasis> Any</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Thisdirective
      can also be controled by the ctl action (ctl:ruleEngine=off) for per
@ -1583,8 +1555,7 @@ ServerAlias www.app2.com
      <para><emphasis role="bold">Processing Phase:</emphasis> Any</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> This
      directive supports multiple parameters, where each parameter can either
@ -1608,8 +1579,7 @@ ServerAlias www.app2.com
      <para><emphasis role="bold">Processing Phase:</emphasis> Any</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> This
      directive supports multiple parameters. Each parameter is a regular
@ -1634,8 +1604,7 @@ ServerAlias www.app2.com
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Main</para>
      </emphasis>Main</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> In order for
      this directive to work, you must set the Apache ServerTokens directive
@ -1659,8 +1628,7 @@ ServerAlias www.app2.com
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Needs to be
      writable by the Apache user process. This is the directory location
@ -1683,8 +1651,7 @@ ServerAlias www.app2.com
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> This
      directory must be on the same filesystem as the temporary directory
@ -1707,8 +1674,7 @@ ServerAlias www.app2.com
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> This
      directive requires the storage directory to be defined (using <literal
@ -1749,8 +1715,7 @@ ServerAlias www.app2.com
      <para><emphasis role="bold">Processing Phase:</emphasis> N/A</para>
-      <para><emphasis role="bold"> <emphasis role="bold">Scope:</emphasis>
+      <para><emphasis role="bold">Scope:</emphasis> Any</para>
      </emphasis>Any</para>
      <para><emphasis role="bold">Dependencies/Notes:</emphasis> Partitions
      are used to avoid collisions between session IDs and user IDs. This
@ -1961,23 +1926,23 @@ SecRule REQUEST_HEADERS:Host "!^$" "deny,<emphasis role="bold">phase:1</emphasis
      invocations against the operator if argument p does not exist. Some
      variables are actually collections, which are expanded into more
      variables at runtime. The following example will examine all request
-      arguments:<programlisting format="linespecific">SecRule ARGS dirty</programlisting>Sometimes,
+      arguments:<programlisting format="linespecific">SecRule ARGS dirty</programlisting>
-      however, you will want to look only at parts of a collection. This can
+      Sometimes, however, you will want to look only at parts of a collection.
-      be achieved with the help of the <emphasis>selection
+      This can be achieved with the help of the <emphasis>selection
      operator</emphasis>(colon). The following example will only look at the
      arguments named<literal moreinfo="none"> p</literal> (do note that, in
      general, requests can contain multiple arguments with the same name):
-      <programlisting format="linespecific">SecRule ARGS:p dirty</programlisting>It
+      <programlisting format="linespecific">SecRule ARGS:p dirty</programlisting>
-      is also possible to specify exclusions. The following will examine all
+      It is also possible to specify exclusions. The following will examine
-      request arguments for the word<emphasis> dirty</emphasis>, except the
+      all request arguments for the word<emphasis> dirty</emphasis>, except
-      ones named<literal moreinfo="none"> z </literal>(again, there can be
+      the ones named <literal moreinfo="none">z</literal> (again, there can be
      zero or more arguments named<literal moreinfo="none"> z</literal>):
-      <programlisting format="linespecific">SecRule ARGS|!ARGS:z dirty</programlisting>There
+      <programlisting format="linespecific">SecRule ARGS|!ARGS:z dirty</programlisting>
-      is a special operator that allows you to count how many variables there
+      There is a special operator that allows you to count how many variables
-      are in a collection. The following rule will trigger if there is more
+      there are in a collection. The following rule will trigger if there is
-      than zero arguments in the request (ignore the second parameter for the
+      more than zero arguments in the request (ignore the second parameter for
-      time being): <programlisting format="linespecific">SecRule &amp;ARGS !^0$</programlisting>And
+      the time being): <programlisting format="linespecific">SecRule &amp;ARGS !^0$</programlisting>
-      sometimes you need to look at an array of parameters, each with a
+      And sometimes you need to look at an array of parameters, each with a
      slightly different name. In this case you can specify a regular
      expression in the selection operator itself. The following rule will
      look into all arguments whose names begin with <literal
@ -3026,7 +2991,7 @@ SecRule <emphasis role="bold">XML:/xq:employees/employee/name/text()</emphasis>
        </listitem>
        <listitem>
-          <para><literal moreinfo="none">&amp;nbs</literal>p and <literal
+          <para><literal moreinfo="none">&amp;nbsp</literal> and <literal
          moreinfo="none">&amp;nbsp;</literal></para>
        </listitem>
@ -3132,11 +3097,11 @@ SecRule <emphasis role="bold">XML:/xq:employees/employee/name/text()</emphasis>
      <title><literal>urlDecodeUni</literal></title>
      <para>In addition to decoding %xx like <literal
-      moreinfo="none">urlDecode, urlDecodeUni also </literal>decodes<literal
+      moreinfo="none">urlDecode, urlDecodeUni</literal> also decodes <literal
-      moreinfo="none"> <literal>%uXXXX</literal> </literal>encoding. If the
+      moreinfo="none">%uXXXX</literal> encoding. If the code is in the range
-      code is in the range of FF01-FF5E (the full width ASCII codes), then the
+      of FF01-FF5E (the full width ASCII codes), then the higher byte is used
-      higher byte is used to detect and adjust the lower byte. Otherwise, only
+      to detect and adjust the lower byte. Otherwise, only the lower byte will
-      the lower byte will be used and the higher byte zeroed.</para>
+      be used and the higher byte zeroed.</para>
    </section>
    <section>
@ -3180,18 +3145,18 @@ SecRule <emphasis role="bold">XML:/xq:employees/employee/name/text()</emphasis>
    <orderedlist continuation="restarts" inheritnum="ignore">
      <listitem>
-        <para><emphasis>Disruptive actions</emphasis>- are those actions where
+        <para><emphasis>Disruptive actions</emphasis> - are those actions
-        ModSecurity will intercept the data. They can only appear in the first
+        where ModSecurity will intercept the data. They can only appear in the
-        rule in a chain.</para>
+        first rule in a chain.</para>
      </listitem>
      <listitem>
-        <para><emphasis>Non-disruptive actions</emphasis>; can appear
+        <para><emphasis>Non-disruptive actions</emphasis> - can appear
        anywhere.</para>
      </listitem>
      <listitem>
-        <para><emphasis>Flow actions</emphasis>; can appear only in the first
+        <para><emphasis>Flow actions</emphasis> - can appear only in the first
        rule in a chain.</para>
      </listitem>
@ -3199,7 +3164,7 @@ SecRule <emphasis role="bold">XML:/xq:employees/employee/name/text()</emphasis>
        <para><emphasis>Meta-data actions</emphasis>(<literal
        moreinfo="none">id</literal>,<literal moreinfo="none">
        rev</literal>,<literal moreinfo="none"> severity</literal>,<literal
-        moreinfo="none"> msg</literal>); can only appear in the first rule in
+        moreinfo="none"> msg</literal>) - can only appear in the first rule in
        a chain.</para>
      </listitem>
@ -4169,9 +4134,8 @@ SecAction <emphasis role="bold">setsid:%{REQUEST_COOKIES.PHPSESSID}</emphasis></
      <programlisting format="linespecific">setvar:!tx.score</programlisting>
      <para>To increase or decrease variable value use <literal
-      moreinfo="none">+</literal>and<literal
+      moreinfo="none">+</literal> and <literal moreinfo="none">-</literal>
-      moreinfo="none">-</literal>characters in front of a numerical
+      characters in front of a numerical value:</para>
      value:</para>
      <programlisting format="linespecific">setvar:tx.score=+5</programlisting>
    </section>