ACL extension on main mercurial repository

I have the following setup on my servers hgrc file:

[extensions]
acl =

[acl]
sources = serve, push

[acl.allow]

I was expecting this would block my clients from pushing anything to the repository, however they can still push fine. When I try and push from the server, I get the desired result of not being able to push anything.

Does the ACL extension rely on editing each clients hgrc file? Doesn't seem like that's very helpful if they can just change their own access.

Thanks for any help!

I got this to work by removing the

[acl]
sources= server, push

section of my hgrc file. I read that you don't normally need to configure this, so I just removed it and everything seems to be working as desired now!