diff --git a/docs/content/feature/access-control.md b/docs/content/feature/access-control.md
index 90a4a195e..5ffed3d84 100644
--- a/docs/content/feature/access-control.md
+++ b/docs/content/feature/access-control.md
@@ -40,8 +40,8 @@ The source ip used for validation against the defined ruleset is
 taken from information available in the request.
 
 For `HTTP` requests the client `RemoteAddr` is always validated
-followed by the first element of the `X-Forwarded-For` header, if
-present.  When either of these elements match an `allow` the request
+followed by all elements of the `X-Forwarded-For` header, if
+present.  When both of these elements match an `allow` the request
 will be allowed; similarly when either element matches a `deny` the
 request will be denied.