@@ -760,12 +760,15 @@ to find *one* that matches the current request. As soon as it finds a matching
760760is used to enforce access.
761761
762762Each ``access_control `` has several options that configure two different
763- things: (a):ref: `should the incoming request match this access control entry<security-book-access-control-matching-options> `
764- and (b):ref: `once it matches, should some sort of access restriction be enforced<security-book-access-control-enforcement-options> `:
763+ things:
764+
765+ *:ref: `should the incoming request match this access control entry<security-book-access-control-matching-options> `
766+ *:ref: `once it matches, should some sort of access restriction be enforced<security-book-access-control-enforcement-options> `:
765767
766768.. _security-book-access-control-matching-options :
767769
768- **(a) Matching Options **
770+ Matching Options
771+ ................
769772
770773Symfony2 creates an instance of:class: `Symfony\\ Component\\ HttpFoundation\\ RequestMatcher `
771774for each ``access_control `` entry, which determines whether or not a given
@@ -860,7 +863,8 @@ will match any ``ip``, ``host`` or ``method``:
860863
861864.. _security-book-access-control-enforcement-options :
862865
863- **(b) Access Enforcement **
866+ Access Enforcement
867+ ..................
864868
865869Once Symfony2 has decided which ``access_control `` entry matches (if any),
866870it then *enforces * access restrictions based on the ``roles `` and ``requires_channel ``