fowlertrainer@anonym.hu wrote at 2004-7-23 08:36 +0200:

... It is an intranet site, but some functions are needed to access from "outernet".

I don't want to anyone manage my site from outside. How to prevent these requests ?

A "PostAuthenticationHook" might help you. In such a hook, you can check whether the current user has a "Manager" role and raise "Unauthorized" when it comes from outside your intranet. Zope does not support "PostAuthenticationHooks" out of the box (I think, at least). But there are two implementations around: one is in the Zope collector, the other is on my Zope page <http://www.dieter.handshake.de/pyprojects/zope> -- Dieter