diff --git a/docs/advanced/privacy_considerations.md b/docs/advanced/privacy_considerations.md
index c300cc2821e42ed5b9a20c88c03db24e52e52682..b2ea72fd1e52970a64b7abf7e614a960cad07339 100644
--- a/docs/advanced/privacy_considerations.md
+++ b/docs/advanced/privacy_considerations.md
@@ -8,7 +8,7 @@ CERNBox is [suitable for storing personal data](https://cern.service-now.com/ser
 
 As a CERN user, you have the option to use Microsoft Office to edit files stored in your EOS personal or project spaces. Depending on the licence you are eligible for, you can use:
 
-- [Microsoft Office Online](https://cernbox.docs.cern.ch/web/apps/office_online/) integrated on the CERNBox web interface. In this case, please note that the document you are editing will be shipped to a Microsoft data centre. The [Record of Processing Operations](https://cern.service-now.com/service-portal?id=privacy_policy&se=CERNBox-Service&notice=CERNBox-v2) provides further details about the data collected by Microsoft.
+- [Microsoft Office Online](../web/apps/office_online.md) integrated on the CERNBox web interface. In this case, please note that the document you are editing will be shipped to a Microsoft data centre. The [Record of Processing Operations](https://cern.service-now.com/service-portal?id=privacy_policy&se=CERNBox-Service&notice=CERNBox-v2) provides further details about the data collected by Microsoft.
 
 - Microsoft Office for Desktop, either on a Windows PC managed by you, or through the Windows Terminal Services. 
 
@@ -18,4 +18,4 @@ If you are concerned about your data privacy, or you are bound by contractual or
 
 The [LibreOffice suite](https://www.libreoffice.org/) is available for all major Operating Systems and, as it operates enitirely on premise, is appropriate for processing such Office documents.
 
-Furthermore, in order to keep strict control on who can access confidential or personal data, it is recommended *not* to use public, anonymous links when sharing the data, as by design they can be reshared with no control. Instead, use [authenticated shares](https://cernbox.docs.cern.ch/web/sharing/auth-share/), and if the recipients are external contractors, ask them to create an [external (or lightweight) account](https://cernbox.docs.cern.ch/web/access/#accounts-supported).
+Furthermore, in order to keep strict control on who can access confidential or personal data, it is recommended *not* to use public, anonymous links when sharing the data, as by design they can be reshared with no control. Instead, use [authenticated shares](../web/sharing/auth-share.md), and if the recipients are external contractors, ask them to create an [external (or lightweight) account](../web/access.md#accounts-supported).
diff --git a/docs/advanced/restore_from_trash.md b/docs/advanced/restore_from_trash.md
index 39a3147eb54bf66b84e361f6429e55744322ca8b..6b5d637e2a4f36720ee86129289cf49c61b39914 100644
--- a/docs/advanced/restore_from_trash.md
+++ b/docs/advanced/restore_from_trash.md
@@ -14,7 +14,7 @@ With your Primary Account, open [your trashbin](https://cernbox.cern.ch/files/tr
 
 With your Primary Account, open [your projects in CERNBox](https://cernbox.cern.ch/files/spaces/project) and click on the `...` menu of the concerned project to find its _Deleted files_ view:
 
-![](../../assets/images/project-recycle-bin.png)
+![](../assets/images/project-recycle-bin.png)
 
 In that page, you can browse and restore files as for the standard personal recycle bin.
 
@@ -38,7 +38,7 @@ This operation is restricted to the Account that owns the space (Primary Account
 
 See example below:
 
-![](../../assets/images/project-restore-3.png)
+![](../assets/images/project-restore-3.png)
 
 Check that the versions got restored by the eos 'ls -al' command:
 
@@ -46,4 +46,4 @@ Check that the versions got restored by the eos 'ls -al' command:
 
 ``` e.g. eos ls -al /eos/project/s/swanee/annotation3d.C.nbconvert/.sys.v#.README.docx ```
 
-![](../../assets/images/project-restore-2.png)
+![](../assets/images/project-restore-2.png)
diff --git a/docs/desktop/other-access-methods/desktop-mobile-access.md b/docs/desktop/other-access-methods/desktop-mobile-access.md
index 4d8be88ccfb613253412aa3088a58b948e84611c..817d17677f6a28e9fdd1de6c366935f6eca22d70 100644
--- a/docs/desktop/other-access-methods/desktop-mobile-access.md
+++ b/docs/desktop/other-access-methods/desktop-mobile-access.md
@@ -22,7 +22,7 @@ The following is recommended for your:
     If your NICE account has been migrated from DFS to CERNBox, the default folders (Desktop, Documents, Pictures, etc) will already be available on your PC. You only have to sync the other folders that you will use.
 
 * [Sync Clients](https://cernbox.web.cern.ch/cernbox/downloads/)
-* [Windows Network Share or Mapped Drive](/desktop/other-access-methods/samba/)
+* [Windows Network Share or Mapped Drive](samba.md)
 * [WebDav](webdav.md)
 
 
@@ -53,7 +53,7 @@ rdns = true
 ![mac os workflow](../../assets/images/mac-os-workflow.svg)
 
 * [Sync Clients](https://cernbox.web.cern.ch/cernbox/downloads/)
-* [SMB Mapped Drive](/desktop/other-access-methods/samba/) (using `smb://` as address prefix)
+* [SMB Mapped Drive](samba.md) (using `smb://` as address prefix)
 * [WebDav](webdav.md)
 
 
diff --git a/docs/for_developers/file-picker/data.md b/docs/for_developers/file-picker/data.md
index f503f83af512da697de18778761f3bbad9d791e2..ef5d202638b0c3844ce9144e3fc27f2c027db617 100644
--- a/docs/for_developers/file-picker/data.md
+++ b/docs/for_developers/file-picker/data.md
@@ -25,7 +25,7 @@ parameter will be enough to authenticate the user.
 
 ### When using URL sharing
 
-Please refer to the [URL sharing](../embedding#url-sharing) section for more
+Please refer to the [URL sharing](embedding.md#url-sharing) section for more
 information.
 
 ```json
@@ -44,7 +44,7 @@ information.
 
 ### When using public link sharing
 
-Please refer to the [public link sharing](../embedding#public-link-sharing)
+Please refer to the [public link sharing](embedding.md#public-link-sharing)
 section for more information.
 
 ```json
@@ -63,7 +63,7 @@ section for more information.
 
 ## Location selector
 
-Please refer to the [location selector](../embedding#location-selector)
+Please refer to the [location selector](embedding.md#location-selector)
 section for more information.
 
 ```json
diff --git a/docs/for_developers/file-picker/setup.md b/docs/for_developers/file-picker/setup.md
index 100156c98931d151a6c3ecd4bbb456a54e2f74fa..4df2484f898f2bf41cd9c94239a22b85d391471e 100644
--- a/docs/for_developers/file-picker/setup.md
+++ b/docs/for_developers/file-picker/setup.md
@@ -77,7 +77,7 @@ fine-tune the size of the login web dimensions.
 ### allowed-origins.json
 
 This file contains a list of the origins that the file-picker will accept in the
-[`origin` query parameter](docs/embedding/#query-parameters).
+[`origin` query parameter](embedding.md#query-parameters).
 You can use the `*` wildcard to whitelist entire domains. Imagine you host two
 applications in the `mycloud.net` domain which you want to allow use of the
 File-picker:
diff --git a/docs/web/index.fr.md b/docs/web/index.fr.md
index 9134887ed399ac0c9cd5950ab1e2a659f5c65d6d..b0c0ff0c0f78746bb418b313aad71344bde43982 100644
--- a/docs/web/index.fr.md
+++ b/docs/web/index.fr.md
@@ -21,7 +21,7 @@ Celles-ci incluent des explications sur les nouvelles fonctionnalités majeures
 * [Écosystème d'applications amélioré](apps/index.md)
 * [Intégration améliorée des projets](projects/index.md)
 * [Prise en charge des comptes légers](access.md#accounts-supported)
-* [Refus d'accès](projects/manage_project_space.md/#sharing-the-resources-inside-the-project)
+* [Refus d'accès](projects/manage_project_space.md#sharing-the-resources-inside-the-project)
 
 
 
diff --git a/docs/web/projects/access-to-project-space.md b/docs/web/projects/access-to-project-space.md
index ce4569da849d67c51149aac399b79e159e9a4dcd..53b453fc65e097df833318ee4aed160012821bc3 100644
--- a/docs/web/projects/access-to-project-space.md
+++ b/docs/web/projects/access-to-project-space.md
@@ -2,7 +2,7 @@
 
 Access in project spaces is controlled:
 
-* to the ENTIRE project via the `cernbox-project-<projectname>-writers` and `-readers` e-groups (you can check their membership at [https://egroups.cern.ch](https://egroups.cern.ch)): see [manage project space](https://cernbox.docs.cern.ch/web/projects/manage_project_space/).
+* to the ENTIRE project via the `cernbox-project-<projectname>-writers` and `-readers` e-groups (you can check their membership at [https://egroups.cern.ch](https://egroups.cern.ch)): see [manage project space](manage_project_space.md).
 * to individual folders (and their sub-folders) via the Authenticated Share method in CERNBox (in a Web browser).
    
 > All the folders of the project can be shared by Authenticated Share and Link Share by members in the `-admins` e-group ONLY. This group includes by default the Service Account that was designated when creating the project space, which owns all the project's files.
diff --git a/docs/web/projects/manage_project_space.md b/docs/web/projects/manage_project_space.md
index c73059905c503510dde9f95e5bcea82bcff1d1ec..0a0276f3faca3116022786b7720a67504b15bca4 100644
--- a/docs/web/projects/manage_project_space.md
+++ b/docs/web/projects/manage_project_space.md
@@ -31,7 +31,7 @@ All members of the CERNBox project see the contents of the project by logging in
 
 It's possible to share any of the project folders. The process is the same as described for [shares](../sharing/index.md).
 
-In addition, project admins have the option to restrict access to folders inside a project area, by setting the sharing option to "Deny access". This option is intended as a way to override existing access permissions for a user or group, and as such it always takes precedence over them. If you find yourself needing to "un-deny" a denied access, i.e. giving access again to a subfolder of a folder that was denied, here you find some suggestions about how you can implement that for two common scenarios:
+In addition, project admins have the option to restrict access to folders inside a project area, targeting users or groups that already had access: this can be achieved by creating an [authenticated share](../sharing/auth-share.md) where the permission is set to "Deny access". This option is intended as a way to override existing access permissions for a user or group, and as such it always takes precedence over them. If you find yourself needing to "un-deny" a denied access, i.e. giving access again to a subfolder of a folder that was denied, here you find some suggestions about how you can implement that for two common scenarios:
 
 1. User `U` is member of the `cernbox-project-myproject-readers` e-group, therefore access is granted to the whole project `/eos/project/m/myproject`. Then, a `deny` is set to `/eos/project/m/myproject/not-for-U`, and `/eos/project/m/myproject/not-for-U/public` should instead be accessible to `U`. Consider removing `U` from the -readers e-group, and just share `/eos/project/m/myproject/not-for-U/public` with `U`. Alternatively, move the `not-for-U/public` folder higher in the folder tree, e.g. at the top.