Volker thinks that IIS provides much better ways than the ASP404 approach.
Actually, Volker's method is an anternative, and not necessarily a much better way than ASP404, by his own words. For one thing, the method he discovered is a redirect. Also, the client sees the VHM URL, which we usually want to hide since it adds no value to the end user. I don't like the concept of the ASP404 approach either, but so far it has been the closest analog to the Apache paroxypass architecture which is our preferred way of deploying Zope on Unix. Like proxypass, ASP404 gives us full control of the URLs, and allows the Zope server to be protected from the Internet, exposing only IIS. I don't know whether Zope is more or less vulnerable than IIS, but some of our larger customers have security teams who know IIS but don't grok Zope, so redirecting is not an option. -- Luciano