Hello, Apache is listening on port 80 and 443, Zope listening on port 8080. When a request comes in for port 443 (or HTTPS) Apache forwards the request to Zope on port 8080 and sends the results back out thru SSL, just as it should. If a user goes to https://mysite.com/PasswordProtectedArea/ an SSL connection is created and the password is forwarded to Zope after it's been sent thru SSL. However, if the user goes to http://mysite.com:8080/PasswordProtectedArea/ Apache never sees the request and it goes straight to Zope. The user is then prompted for a password, which would be sent back to Zope without SSL. So my question is, how do I keep Zope from accepting any requests from the outside world unless they've gone thru Apache first? Can I tell Zope to listen on something like 192.168.1.123:8080 so that it will never see requests from the outside world? TIA, Eric.