Greetings everyone,

As part of a re-engineering of our Zope infrastructure, I'm tasked with finding any documentation out there on how to secure Zope sites in a best-practices sort of way. Anyone got any pointers?

Also, we're fronting Zope with Apache using mod_proxy to relay requests through. We'd like to block Zope management-type URLs from coming through the Apache server and hitting the Zope server (we'll do our management directly to the Zope instance). For this, I need to figure out what special patterns signify a Zope management URL. Some patterns I know about already include:

  /.*/[^/]*manage[^/]*$
      (Any URL whose last component (excluding args) includes 'manage')
  /acl_users/
  ^/Control_Panel.*
  ^manage_addProduct/
  ^manage/

Any others?

-roy
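
One way to check a block-list like the one in the message before it goes into the Apache configuration, as an added example that is not part of the original post: it runs the five patterns, copied verbatim, as unanchored searches over the URL path with the query string removed, and reports management paths that would still be relayed and patterns that never fire. The sample request targets and their classification are constructed, and matching against a path that begins with `/` is an assumption about how the proxy rule sees the request.

```python
import re
from urllib.parse import urlsplit

# Patterns copied verbatim from the message above.
PATTERNS = [
    r"/.*/[^/]*manage[^/]*$",
    r"/acl_users/",
    r"^/Control_Panel.*",
    r"^manage_addProduct/",
    r"^manage/",
]
COMPILED = [(p, re.compile(p)) for p in PATTERNS]

# Constructed request targets (not from the message), labelled with whether
# the proxy is meant to relay them: True = ordinary content, False = management.
SAMPLES = {
    "/site/index_html": True,
    "/site/news?sort=manage": True,   # 'manage' appears only in the args
    "/site/folder/manage_main": False,
    "/site/acl_users/": False,
    "/Control_Panel/Database": False,
    "/manage": False,
    "/manage_main": False,
}

def blocking_pattern(target):
    """Return the first pattern matching the path part of target, or None."""
    path = urlsplit(target).path      # drop the query string ("excluding args")
    for source, regex in COMPILED:
        if regex.search(path):
            return source
    return None

def audit(samples=SAMPLES):
    """Return (management paths relayed, content paths blocked, unused patterns)."""
    relayed, blocked, used = [], [], set()
    for target, should_relay in samples.items():
        hit = blocking_pattern(target)
        if hit is not None:
            used.add(hit)
        if hit is None and not should_relay:
            relayed.append(target)
        elif hit is not None and should_relay:
            blocked.append(target)
    return relayed, blocked, [p for p in PATTERNS if p not in used]

if __name__ == "__main__":
    print(audit())
```

On this sample set the top-level targets `/manage` and `/manage_main` are not matched by any pattern, and the two patterns anchored with `^` but lacking a leading `/` match nothing, so both lists are worth reviewing before deployment.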