My thanks to Kent Polk for reminding me where I'd seen the bit in the Manager's Guide which allows you to use Zope's built-in security mechanisms by setting the 'Domain' rules for an acl_users user name (you need to set a dummy user for this purpose). Thanks also to Rob Page who (off list) took time out to show me how to do it "manually". I append Rob's DTML code. Paul -- The Library, Tyndall Avenue, Univ. of Bristol, Bristol, BS8 1TJ, UK E-mail: paul.browning@bris.ac.uk URL: http://www.bris.ac.uk/ One of many ways to do this would be to break apart the IP address with something like: <!--#var standard_html_header--> <!--#comment--> Display the remote address just for fun... <!--#/comment--> <!--#var REMOTE_ADDR--> <!--#comment--> This next statement takes the REMOTE_ADDR variable and breaks it into four tokens using the period as the split character. The result is an array called IP_Address_Octets. This array is then stuffed into the address space of the REQUEST making it available later in this document. <!--#/comment--> <!--#var expr="REQUEST.set('IP_Address_Octets', _.string.split(REMOTE_ADDR,'.'))" fmt=""--> <!--#comment--> Show what we just did <!--#/comment--> <!--#var IP_Address_Octets--> <!--#comment--> Now we can compare the four elements to something we're testing for... <!--#/comment--> <!--#if expr="IP_Address_Octets[0] == '137' and IP_Address_Octets[1] == '222'"--> <P>Octet 1 and 2 are localhost</P> <P>You can see this</P> <!--#else--> <!--#var permission_denied_message--> <!--#/if--> <!--#var standard_html_footer-->