We are in the process of setting up access control for our new Intranet which is Plone and Zope application running on port 8080. The access control should allow all our company users within the Firewall read access to the Intranet server without login. Outside the Firewall, all users have to authenticate to have read access. We are using Apache modules mod_auth_ldap for access control and mod_rewrite to map the URL and into a shorter friendly domain name with the standard http port 80. The mod_auth_ldap configuration and mod_rewrite configuration work well separately but create problems when we try to put them together. The main problem, we have is the authentication directives work only under the context of "directory" and because the Plone & Zope is a separate application server running under a different port, the mod_rewrite module can not be run under the context of "directory". Please have a look at the current Apache configuration below. The mod_rewrite part works OK but no authentication happens. There may be another solution to the problem and I would be grateful to hear your comments and suggestions. I know the information I've given you may not be detailed enough, but I will be happy to discuss it with you if you need more details ... <VirtualHost *:80> ServerName intranet.mycompany.com RewriteEngine On RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/intranet.mycompany.com:80/Plone/V... [L,P] <Directory /> order deny,allow deny from all allow from 172.24 AuthType Basic AuthName "Company Intranet" LDAP_Debug On LDAP_Server ldap.company.com LDAP_Connect_Timeout 1000 Base_DN "o=company" require valid-user Satisfy any </Directory> </VirtualHost> thanks, Daniel.