I would like to force users to manage a Zope/Plone site through SSL, and only through SSL. I have a site http://www.site.com:80, which is also directly accessible as https://www.site.com:443. The problem about forcing SSL for authenticated members is that with Apache, I can only really do so for a subdirectory. So if the site would be viewed at directory / (e.g. /products/fly), but all authenticated members see the site as /authenticated (e.g. /authenticated/products/fly), then Apache's Redirect could be used. However, Zope doesn't use different paths for authenticated and anonymous members. Since every page rendered uses standard_html_header, could I put a DTML Method or Python script in there that does the following: - Check if the access is by an authenticated member. - if yes: check for presence of the string 'https' in request/PATH_INFO - if not present: redirect to another URL How would that look? I don't know how to check for membership or how to issue an HTTP Redirect. Thanks! -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck NOTE: The pgp.net keyservers and their mirrors are broken! Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc all information contained in the above is false, for reasons of military security.