I've been running zope through apache for years and years now, and I have a new machine set up with apache 2.0.48 and zope (Zope 2.8.0-final, python 2.3.5, linux2) Using Identical Vhost configuration settings from an old machine all has been well, up until about 5 days ago, when I noticed the machine getting slammed, and wierd logs started showing up like: xxx.xxx.xxx.xxx - - [14/Oct/2005:14:09:06 -0700] "GET http://partners.mygeek.com:80/search.jsp?partnerid=98885&pagesize=12 HTTP/1.1" 403 406 (IP removed to protect the guilty) In my quick research to try to determine the problem, I found people advising to turn "ProxyRequests Off", which I did, but did not have any effect. Luckily this is just a development server, not a live production server, so its not super critical, but I'm nervous now that my production server might be in the same state... Here is a sample vhost.conf entry: NameVirtualHost 192.168.1.32 <VirtualHost 192.168.1.32> ServerName www.greengraphics.net ServerPath /var/www/greengraphics/www DocumentRoot /var/www/greengraphics/www ServerAdmin webmaster RewriteEngine On TransferLog logs/Vhost-greengraphics-access.log ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / http://192.168.1.32:8080/VirtualHostBase/http/www.greengraphics.net:80/green... ProxyPassReverse / http://192.168.1.32:8080/VirtualHostBase/http/www.greengraphics.net:80/green... </VirtualHost> mod_proxy.conf looks like: <IfDefine HAVE_PROXY> <IfModule !mod_proxy.c> LoadModule proxy_module modules/mod_proxy.so #LoadModule proxy_connect_module modules/mod_proxy_connect.so #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so </IfModule> </IfDefine> <IfModule mod_proxy.c> # # Proxy Server directives. Uncomment the following lines to # enable the proxy server: # ProxyRequests Off <Proxy *> Order deny,allow Deny from all # Allow from .your-domain.com </Proxy> # # Enable/disable the handling of HTTP/1.1 "Via:" headers. # ("Full" adds the server version; "Block" removes all outgoing Via: headers) # Set to one of: Off | On | Full | Block # ProxyVia On # End of proxy directives. </IfModule> any suggestions? places to look to verify security? Thanks! -ed