I'm not sure exactly why, but the mod_rewrite rules examples which are in doc/WEBSERVER.txt didn't work well for me. Mainly, they didn't handle authentication at all and should have: RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^/Zope/(.*) /usr/local/apache/cgi-bin/Zope.cgi/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] This looks like it ought to work (this is my first experience with mod_rewrite), except that I think it always sets HTTP_CGI_AUTHORIZATION, even if no Authorization header was present. That may be what confuses Zope (HTTP_CGI_AUTHORIZATION=""). So I ended up hacking my own. My goals were a little different as well: I wanted the top-level of the site to be Zope without any special Zope references, and I also needed to be able to leave my normal ~user/public_html stuff available. Eventually I came up with this. Maybe it'll be useful to someone else. Yes, the user name could be matched by a regex and substituted back in, but I'm the only user, and I'm not in the mood to break it again. :) You'll probably want to just skip the first RewriteCond/RewriteRule pair. And the other two rules could probably be combined as well, but it ain't broke, so I'm not fixing it... RewriteEngine on RewriteLog /home/adustman/Zope-2.0.0a4-src/var/rewrite.log RewriteLogLevel 0 RewriteCond %{REQUEST_FILENAME} ^/~adustman/(.*) RewriteRule ^/~adustman/(.*) /home/adustman/public_html/$1 [S=4] RewriteCond %{REQUEST_FILENAME} ^/(.*) RewriteRule ^/(.*) /home/httpd/cgi-bin/Zope.cgi/$1 [t=application/x-httpd-cgi] RewriteCond %{HTTP:Authorization} ^(.+) RewriteRule ^/(.*) /$1 [ENV=HTTP_CGI_AUTHORIZATION:%1] -- andy dustman | programmer/analyst | comstar communications corporation telephone: 770.485.6025 / 706.549.7689 | icq: 32922760 | pgp: 0xc72f3f1d