Roland C. Reumerman writes:

Now it seems that somehow the combination of Zope-generated authenticated headers and the firewall redirection rule do not match: does the header include URL information? That would imply it tries to access www.datadistilleries.com:8080/ddsn (Zope generated port) instead of plainly www.datadistilleries.com:80/ddsn (firewall listen port). I know, that basic authentication is sent by the browser on a domain basis. I do not know, where the domain information originates, but it may well be Zope.

You may want to use Shanes excellent "tcpwatch" utility to analyse what really happens between the server and your browser. Alternatively, you may have a look at SiteAccess. This Zope product helps you handle these forms of redirection. Even, if your authentication problem could be solved without it, you will soon hit other problems that require SiteAccess. Thus, go directly for it. Dieter