--- a/doc/hgrc.5.txt	Wed Dec 01 10:21:40 2010 +0100
+++ b/doc/hgrc.5.txt	Wed Dec 01 10:52:31 2010 +0100
@@ -925,7 +925,29 @@
 
 ``web``
 """""""
-Web interface configuration.
+
+Web interface configuration. The settings in this section apply to
+both the builtin webserver (started by :hg:`serve`) and the script you
+run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI
+and WSGI).
+
+The Mercurial webserver does no authentication (it does not prompt for
+usernames and passwords to validate *who* users are), but it does do
+authorization (it grants or denies access for *authenticated users*
+based on settings in this section). You must either configure your
+webserver to do authentication for you, or disable the authorization
+checks.
+
+For a quick setup in a trusted environment, e.g., a private LAN, where
+you want it to accept pushes from anybody, you can use the following
+command line::
+
+    $ hg --config web.allow_push=* --config web.push_ssl=False serve
+
+Note that this will allow anybody to push anything to the server and
+that this should not be used for public servers.
+
+The full set of options is:
 
 ``accesslog``
     Where to output the access log. Default is stdout.