diff --git a/tool/net/help.txt b/tool/net/help.txt
index 2a2b652dd..69daa2d41 100644
--- a/tool/net/help.txt
+++ b/tool/net/help.txt
@@ -1927,7 +1927,8 @@ FUNCTIONS
     Although you might want consider trusting redbean's open source
     freedom embracing solution to DDOS protection instead!
 
-  ProgramTokenBucket([replenish:num, cidr:int, reject:int, ignore:int, ban:int])
+  ProgramTokenBucket(
+      [replenish:num[, cidr:int[, reject:int[, ignore:int[, ban:int]]]]])
 
     Enables DDOS protection.
 
@@ -1947,7 +1948,7 @@ FUNCTIONS
 
     This model of network rate limiting generously lets people "burst" a
     tiny bit. For example someone might get a strong craving for content
-    and smash the reload button in Chrome 64 times in a fow seconds. But
+    and smash the reload button in Chrome 64 times in a few seconds. But
     since the client only get 1 new token per second, they'd better cool
     their heels for a few minutes after doing that. This amount of burst
     can be altered by choosing the `reject` / `ignore` / `ban` threshold
@@ -1986,7 +1987,7 @@ FUNCTIONS
     `reject` is the token count or treshold at which redbean should send
     429 Too Many Request warnings to the client. Permitted values can be
     anywhere between -1 and 126 inclusively. The default value is 30 and
-    -1 means disable to disable (assuming AcquireToken() will be used).
+    -1 means to disable (assuming AcquireToken() will be used).
 
     `ignore` is the token count or treshold, at which redbean should try
     simply ignoring clients and close the connection without logging any