I have several sites running next to each other, each in its own folder, all in a folder called "sites", located under root, like this... / /sites /foo /boo /moo If I am viewing http://foo.com, I see the content from the folder sites/foo. But if I type http://foo.com/sites/boo, I get to view the content from (duh) sites/boo instead of saying 404: Stuff Not Found, or 666: Stay the Heck Outa Here (either of those would be fine, I think) Any ideas how I stop this security problem, this "acquisition leak"? In what folder (sites? foo?) do I tweak the security settings, and how? I tried re-reading the Zope Book chapter about Security, and it is great for User management, but not for stopping acquisition when you don't want it to acquire. A suggestion from the IRC gang was that this could be a VHM bug, but that's not it because it also happens on naked Zope going in through port 8080, where VHM would not be involved. =Paul