diff --git a/docs/deploy-authentication.md b/docs/deploy-authentication.md
index f4a5f9d4b..0e2ed653d 100644
--- a/docs/deploy-authentication.md
+++ b/docs/deploy-authentication.md
@@ -14,7 +14,7 @@ to secure your application. To enable it in `big-AGI`, you **must manually build
 
 - Build `big-AGI` with HTTP authentication enabled:
   - Clone the repository
-  - Rename `middleware_BASIC_AUTH.ts` to `middleware_BASIC_AUTH.ts`
+  - Rename `middleware_BASIC_AUTH.ts` to `middleware.ts`
   - Build: follow the build instructions in [Deploy manually](../README.md#-deploy-manually) or [Deploying with Docker](deploy-docker.md)
 
 - Configure the following [environment variables](environment-variables.md) before launching `big-AGI`:
diff --git a/middleware_BASIC_AUTH.ts b/middleware_BASIC_AUTH.ts
index 1bb820a14..8a3ba234f 100644
--- a/middleware_BASIC_AUTH.ts
+++ b/middleware_BASIC_AUTH.ts
@@ -1,14 +1,18 @@
+/**
+ * Middleware to protect `big-AGI` with HTTP Basic Authentication
+ *
+ * For more information on how to deploy with HTTP Basic Authentication, see:
+ *  - [deploy-authentication.md](docs/deploy-authentication.md)
+ */
+
 import type { NextRequest } from 'next/server';
 import { NextResponse } from 'next/server';
 
 
 // noinspection JSUnusedGlobalSymbols
-/**
- * Middleware to protect with HTTP Basic Authentication.
- */
 export function middleware(request: NextRequest) {
 
-  // Validate http basic auth configuration
+  // Validate deployment configuration
   if (!process.env.HTTP_BASIC_AUTH_USERNAME || !process.env.HTTP_BASIC_AUTH_PASSWORD) {
     console.warn('HTTP Basic Authentication is enabled but not configured');
     return new Response('Unauthorized/Unconfigured', unauthResponse);
@@ -48,7 +52,7 @@ export const config = {
     '/',
     // Include pages
     '/(call|index|news|personas|link)(.*)',
-    // Include API routes (the most important part to block)
+    // Include API routes
     '/api(.*)',
     // Note: this excludes _next, /images etc..
   ],