diff --git a/doc/http-backend.mkd b/doc/http-backend.mkd
index 105cf9a..2f6b0c2 100644
--- a/doc/http-backend.mkd
+++ b/doc/http-backend.mkd
@@ -15,6 +15,7 @@ In this document:
* setup apache
* usage
* allowing anonymous access
+ * ssh + http access and the `GIT_HTTP_EXPORT_ALL` variable
----
@@ -121,6 +122,7 @@ from those in the manpage cited above, plus we have one extra variable:
SetEnv GIT_PROJECT_ROOT /var/www/gitolite-home/repositories
SetEnv GIT_HTTP_EXPORT_ALL
+ # please see notes below on ssh+http access
ScriptAlias /git/ /var/www/gitolite-home/bin/gl-auth-command/
# note trailing slash
@@ -184,6 +186,35 @@ Briefly, here's how:
URLs (in this example) will then look like `http://server/gitmob/reponame.git`
-- we lose the userid:passwd part and change 'git' to 'gitmob'.
+
+
+### ssh + http access and the `GIT_HTTP_EXPORT_ALL` variable
+
+This document only talks about setting up access to a set of git repositories
+purely via smart http. The `GIT_HTTP_EXPORT_ALL` variable must be set for
+such environments.
+
+However, it is possible to allow both ssh as well as http access, perhaps
+using suexec to make the CGI run under the 'git' user [detailed documentation
+patches welcome!] For those environments, this variable is not mandatory.
+
+If you omit that variable, you can decide which repo is accessible via http by
+setting `R = daemon` just for those repos.
+
+Please note that there is no way to use "deny" rules for *read* access. Do
+not try:
+
+ repo gitolite-admin
+ - = daemon
+
+ repo @all
+ R = daemon
+
+to achieve the (possibly common) need for disallowing http access to the admin
+repo.
+
+----
+
Enjoy!
[mob]: http://github.com/sitaramc/gitolite/blob/pu/doc/mob-branches.mkd