I am trying to disallow anonymous access for all but a handful of domains. This is easy to do with Apache, but how can it be done with Zope? The only thing I could think of was to have the following in the standard_html_header. <dtml-if "AUTHENTICATED_USER == 'Anonymous User'" > {if remote address is acceptable} {show the true page} {else show an error message} <dtml-else> {show the true page} </dtml-if> However the above expression never evaluates to true even when <dtml-var AUTHENTICATED_USER> shows 'Anonymous User' on the same page. If I try to use string.find(), Zope complains that AUTHENTICATED_USER is a bad arguement. Is there someway to salvage what I'm doing, or better yet is there a simpler mechanism to achieve this goal? Thanks. -- Guy Davis mailto:davis@arc.ab.ca (403) 210-5334 Alberta Research Council