Slight rewording

Author: pjlast

docs/admin/repo/perforce.mdx

@@ -154,26 +154,42 @@ To enable file-level permissions:
 
 Permissions will be synced in the background based on your [Perforce protects file](https://www.perforce.com/manuals/cmdref/Content/CmdRef/p4_protect.html).
 
-#### Handling host rules in the protects file
+#### Handling IP-based rules
 
-By default, Sourcegraph applies all rules in the protects table regardless of the host rule (treating all host rules as the wildcard `*`). If your setup relies heavily on host rules, this could lead to unintended permissions for users.
+Perforce's `protects` table allows administrators to define fine-grained access controls based on user identities and host IP addresses. By default, Sourcegraph applies all rules from the `protects` table without considering host-specific restrictions, effectively treating all host rules as the wildcard `*`. This behavior can lead to users having unintended access to repositories or files that should be restricted based on their IP addresses.
 
-You have two options if the default behavior is not suitable:
+If your Perforce environment relies heavily on host-based permissions, it's crucial to configure Sourcegraph appropriately to respect these restrictions. This documentation provides detailed instructions on how to enforce or ignore host rules in Sourcegraph when integrating with Perforce.
 
-1. Enforce host rules
-1. Ignore rules that have a host value other than `*`
+##### Default Behavior
+
+By default, Sourcegraph:
+
+- **Applies all rules** in the Perforce `protects` table.
+- **Ignores host-specific restrictions**, treating all host fields as `*`.
+
+**Implication**: Users may gain access to resources that should be restricted based on their IP addresses.
+
+##### Configuration Options
+
+To ensure Sourcegraph handles host rules according to your requirements, you have two additional options:
+
+1. **Enforce Host Rules**: Configure Sourcegraph to respect and enforce IP-based restrictions defined in the `protects` table.
+2. **Ignore Host-Specific Rules**: Configure Sourcegraph to disregard any rules with a host value other than `*`.
 
 ##### Enforcing host rules
 
-To enforce host-specific rules, modify your [site configuration](https://sourcegraph.com/github.com/sourcegraph/sourcegraph@2a716bd/-/blob/schema/site.schema.json?L227-249) as follows:
+If you want Sourcegraph to enforce host-specific permissions, you need to enable IP restriction enforcement in your [site configuration](https://sourcegraph.com/docs/admin/config/site_config):
 
-    ```json
-    {
-      "experimentalFeatures": {
-        "subRepoPermissions": { "enabled": true, "enforceIPRestrictions": true }
-      }
+```json
+{
+  "experimentalFeatures": {
+    "subRepoPermissions": {
+      "enabled": true,
+      "enforceIPRestrictions": true
     }
-    ```
+  }
+}
+```
 
 When `enforceIPRestrictions` is set to `true`, Sourcegraph will use the user's IP address to apply Perforce permissions at the user level. It uses the final `X-Forwarded-For` header in the request to identify the user's IP. Note that this header can be easily spoofed, so ensure your load balancer or proxy handles `X-Forwarded-For` headers securely.
 
@@ -182,12 +198,12 @@ When `enforceIPRestrictions` is set to `true`, Sourcegraph will use the user's I
 To ignore rules that have a host value other than `*`, set `ignoreRulesWithHost` to `true` in your **code host configuration**:
 
 ```json
-    {
-      "authorization": {
-        "subRepoPermissions": true,
-        "ignoreRulesWithHost": true
-      }
-    }
+{
+  "authorization": {
+    "subRepoPermissions": true,
+    "ignoreRulesWithHost": true
+  }
+}
 ```
 
 With this setting, Sourcegraph will ignore any rules with a host other than `*`, treating them as if they do not exist.