diff --git a/articles/flow/security/vaadin-security-configurer.adoc b/articles/flow/security/vaadin-security-configurer.adoc
index 95d10837ad..39a892e1a7 100644
--- a/articles/flow/security/vaadin-security-configurer.adoc
+++ b/articles/flow/security/vaadin-security-configurer.adoc
@@ -172,7 +172,7 @@ Enables or disables configuration of `NavigationAccessControl`. `NavigationAcces
 public VaadinSecurityConfigurer anyRequest(Consumer<AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizedUrl> anyRequestAuthorizeRule)
 ----
 
-Configures the access rule for any request not matching other configured rules. The default rule is to require authentication, which is the equivalent of passing `AuthorizedUrl::authenticated()` to this method.
+Configures the access rule for any request not matching other configured rules. The default rule is to forbid the access, which is the equivalent of passing `AuthorizedUrl::denyAll()` to this method. This means that extra security rules (path matchers) are required for protected URLs not handled by the framework.
 
 [source,java]
 ----