I've a big problem with security!! I use apache with mod_proxy and rewriterule with zope for a single site in cmf and there are a lot of server that use my apache as proxy! I know that mod_proxy is open by default so i've inserted in httpd.conf <LocationMatch "^[^/]"> Deny from all </LocationMatch> without result. My site work with ip and is: Win 2000 server Zope 263 Apache 2.0.48 The httpd.conf is ServerRoot "C:/Programmi/Apache Group/Apache2" PidFile logs/httpd.pid Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 <IfModule mpm_winnt.c> ThreadsPerChild 250 MaxRequestsPerChild 0 </IfModule> Listen 217.xx:80 LoadModule access_module modules/mod_access.so LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so LoadModule auth_module modules/mod_auth.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule cgi_module modules/mod_cgi.so LoadModule dir_module modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule log_config_module modules/mod_log_config.so LoadModule mime_module modules/mod_mime.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule userdir_module modules/mod_userdir.so ServerAdmin admin@xxx.it ServerName yy.xxx.it:80 UseCanonicalName Off DocumentRoot "C:/Programmi/Apache Group/Apache2/htdocs" <Directory /> Options FollowSymLinks AllowOverride None </Directory> DirectoryIndex index.html AccessFileName .htaccess <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> TypesConfig conf/mime.types DefaultType text/plain HostnameLookups Off ErrorLog logs/error.log LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog logs/access.log common ServerTokens Full ServerSignature On ScriptAlias /cgi-bin/ "C:/Programmi/Apache Group/Apache2/cgi-bin/" <Directory "C:/Programmi/Apache Group/Apache2/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> <LocationMatch "^[^/]"> Deny from all </LocationMatch> <VirtualHost *:80> RewriteEngine On RewriteCond %{HTTP_HOST} ^.*:80$ RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/$1 [L,P] </VirtualHost> <VirtualHost 217.xx:80> NameVirtualHost 217.xx:80 CustomLog logs/sito-access_log combined ErrorLog logs/sito-error_log ServerName 217.xx ServerAdmin admin RewriteEngine on RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/217.xx:80/sito.it/VirtualHostRoot /$1 [L,P] </VirtualHost> Can you help me?? Massimiliano