<font color=blue><b>How</b></font>:<br>\r
First, AWStats must be placed in its own cgi-bin-awstats directory with no way for users to\r
put in it a hacked version of AWStats (an unwritable directory).<br>\r
-Then, you must add an environment variable called <b>AWSTATS_CONFIG</b> in the web server environment\r
+Then, you must add an environment variable called <b>AWSTATS_FORCE_CONFIG</b> in the web server environment\r
for each domain to say which config file to use for a particular domain.<br>\r
<u>With Apache web server, you must use the '<i>SetEnv</i>' directive. This is an example:</u><br><i>\r
<VirtualHost www.xxx.yyy.zzz><br>\r
ServerName mydomain.com<br>\r
ScriptAlias /cgi-bin-awstats/<br>\r
DocumentRoot /usr/local/apache/html<br>\r
- SetEnv AWSTATS_CONFIG myconfigvalueformydomain<br>\r
+ SetEnv AWSTATS_FORCE_CONFIG myconfigvalueformydomain<br>\r
</VirtualHost><br>\r
</i>\r
When using AWStats as a CGI with the following URL '<i>http://mydomain.com/cgi-bin-awstats/awstats.pl</i>', AWStats\r
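Review bot: The rename in the two changed lines (the environment variable paragraph and the SetEnv line inside the VirtualHost example) drops the old name AWSTATS_CONFIG without saying what happens on servers that still set it. This variable is what ties a virtual host to its own config file, so please add a sentence stating whether AWSTATS_CONFIG is still read or must be replaced by AWSTATS_FORCE_CONFIG, so administrators know to update their existing SetEnv lines. While the example is being touched, the unchanged line "ScriptAlias /cgi-bin-awstats/" has only one argument; Apache's ScriptAlias takes a URL path and a target directory, so the example should show the target as well.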
Then edit each config/domain file you want to be protected to set <a href="awstats_config.html#AllowAccessFromWebToAuthenticatedUsersOnly">AllowAccessFromWebToAuthenticatedUsersOnly</a> to 1.<br>\r
You can also edit list of authorized users in the <a href="awstats_config.html#AllowAccessFromWebToFollowingAuthenticatedUsers">AllowAccessFromWebToFollowingAuthenticatedUsers</a> parameter.<br>\r
You can also specify a range of allowed browsers IP Addresses with the <a href="awstats_config.html#AllowAccessFromWebToFollowingIPAddresses">AllowAccessFromWebToFollowingIPAddresses</a> parameter.<br>\r
+The following parameters <a href="awstats_config.html#ErrorMessages">ErrorMessages</a> and <a href="awstats_config.html#DebugMessages">DebugMessages</a> are\r
+also related to security parameters.<br>\r
<br>\r
-Other tip: If you define <b>AWSTATS_CONFIG</b> environment variable in your web server environment (Adding\r
-<i>SetEnv AWSTATS_CONFIG myconfigvalueformydomain</i> with other directives in your Apache VirtualHost config), AWStats\r
-will use the config file called <i>awstats.myconfigvalueformydomain.conf</i> to choose which statistics used,\r
+Other tip: If the <b>AWSTATS_FORCE_CONFIG</b> environment variable is defined, AWStats will always use\r
+the config file <i>awstats.VALUE_OF_AWSTATS_FORCE_CONFIG.conf</i> as the config/domain file.\r
+So if you add this environment variable into your web server environment, for example by adding the line<br>\r
+<i>SetEnv AWSTATS_FORCE_CONFIG configvalueforthisdomain</i><br>\r
+with other directives in your Apache <i><VirtualHost></i> directive group in httpd.conf), AWStats will use the config file\r
+called <i>awstats.configvalueforthisdomain.conf</i> to choose which statistics used,\r
even if a visitor try to force the config/domain file with the URL '<i>http://mydomain/cgi-bin/awstats.pl?config=otherdomain</i>'.\r
This might be usefull for thoose who edit their config/domain file with <a href="awstats_config.html#AllowAccessFromWebToFollowingAuthenticatedUsers">AllowAccessFromWebToFollowingAuthenticatedUsers</a>="__REMOTE_USER__"</i>\r
-to avoid managing account lists in AWStats config files.<br>\r
+instead of maintaning the list of authorized users into each AWStats config file.<br>\r
<br><br>\r
\r
<br><a name="3"><H2 style="font: 22px arial,helvetica,sanserif color: #606060"><u>3) NO SECURITY POLICY</u></H2></a><br>\r
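Review bot: The added line ending "directive group in httpd.conf), AWStats will use the config file" has a closing parenthesis with no opening one; the "(" sat in the removed text ("(Adding SetEnv AWSTATS_CONFIG ...") and was not carried over, so either restore it before "for example by adding the line" or drop the ")". In the same hunk, "maintaning" should be "maintaining", and "into each AWStats config file" reads better as "in each AWStats config file". The new sentence on ErrorMessages and DebugMessages only says they are "also related to security parameters"; since this is a how-to section, say why they matter for security or what value to set. The example value here is "configvalueforthisdomain" while the VirtualHost example in the previous hunk uses "myconfigvalueformydomain"; using one name in both places would avoid confusion.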