Improve doc

doc/sources/admin/idpopenidconnect.rst

@@ -339,14 +339,14 @@ Options
    - **Authentication Level**: required authentication level to access this application
    - **Access Rule**: lets you specify a :doc:`Perl rule<rules_examples>` to restrict access to this client
 
-- **Logout**
+-  **Logout**
 
-  - **Allowed redirection addresses for logout**: A space separated list of
-    URLs that this client can redirect the user to once the logout is done
-    (through ``post_logout_redirect_uri``)
-  - **URL**: Specify the relying party's logout URL
-  - **Type**: Type of Logout to perform (only Front-Channel is implemented for now)
-  - **Session required**: Whether to send the Session ID in the logout request
+   -  **Allowed redirection addresses for logout**: A space separated list of
+      URLs that this client can redirect the user to once the logout is done
+      (through ``post_logout_redirect_uri``)
+   -  **URL**: Specify the relying party's logout URL
+   -  **Type**: Type of Logout to perform (only Front-Channel is implemented for now)
+   -  **Session required**: Whether to send the Session ID in the logout request
 
 Access Rule extra variables
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^

doc/sources/admin/ssoaas.rst

@@ -41,6 +41,14 @@ There are two different architectures to do this:
 -  Using front reverse-proxies *(some cloud installations use
    reverse-proxies in front-end)*
 
+
+.. note::
+
+    Some requests can be droped by the fastCGI/uWSGI server.
+    Example below with uWSGI server to avoid Load Balancer health check requests:
+
+    ```route-remote-addr = ^127\.0\.0\.25[34]$ break: 403 Forbidden for IP ${REMOTE_ADDR}```
+
 Example of a global FastCGI architecture:
 
 |image0|