diff --git a/dev/install/install.php5 b/dev/install/install.php5 index 0d34d2d2b..2785867f7 100755 --- a/dev/install/install.php5 +++ b/dev/install/install.php5 @@ -1496,24 +1496,26 @@ HTML; else $baseClause = ""; $modulePath = FRAMEWORK_NAME; $rewrite = << Order deny,allow Deny from all Allow from 127.0.0.1 +# Deny access to IIS configuration Order deny,allow Deny from all -# This denies access to all yml files, since developers might include sensitive -# information in them. See the docs for work-arounds to serve some yaml files +# Deny access to YAML configuration files which might include sensitive information Order allow,deny Deny from all +# Route errors to static pages automatically generated by SilverStripe ErrorDocument 404 /assets/error-404.html ErrorDocument 500 /assets/error-500.html @@ -1522,10 +1524,13 @@ ErrorDocument 500 /assets/error-500.html RewriteEngine On $baseClause + # Deny access to potentially sensitive files and folders RewriteRule ^vendor(/|$) - [F,L,NC] RewriteRule silverstripe-cache(/|$) - [F,L,NC] RewriteRule composer\.(json|lock) - [F,L,NC] + # Process through SilverStripe if no file with the requested name exists. + # Pass through the original path as a query parameter, and retain the existing parameters. RewriteCond %{REQUEST_URI} ^(.*)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .* $modulePath/main.php?url=%1 [QSA]
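Review bot: The first access block in this hunk, the one ending in `Allow from 127.0.0.1`, is the only block left without a comment, and its behaviour is the least obvious. `Allow from` is checked against the client address Apache sees, so behind a reverse proxy on the same host every request may appear to come from 127.0.0.1 and the deny would not apply; whether it does depends on the deployment. A comment such as `# Deny access to these files except from localhost; remove the Allow line when running behind a local reverse proxy` would make that visible to whoever edits the generated file. The rewritten YAML comment also drops the old pointer to the docs for serving selected YAML files, which is worth keeping in shortened form.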
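Review bot: The new comment `# Deny access to potentially sensitive files and folders` sits above three rules that do not match the same way. `^vendor(/|$)` is anchored to the start of the path, while `silverstripe-cache(/|$)` and `composer\.(json|lock)` match anywhere in it, so a `vendor` directory below the site root is not covered. I would either say so in the comment, e.g. `# Deny access to potentially sensitive files and folders (vendor at the site root only)`, or change the pattern to `(^|/)vendor(/|$)` if nested vendor directories should be blocked too. These denials are mod_rewrite rules, so they presumably do nothing on a server where the module is unavailable; the enclosing block is not visible in the hunk, so that needs confirming.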