Hello, We just discovered that when using VirtualHostMonster in apache RewriteRules, it is possible to access every content in the zope instance. If the URL points to a subfolder, just like http://localhost:9080/VirtualHostBase/http/www.name.com:80/subfolder/Virtual... then it's still possible to access content below that subfolder on the instance. If $1 is some foldername that doesn't exist in the subfolder bug instead in the root folder of the instance, it's content is returned. An example to make it explicit: Let's assume we have three directories in the root folder of the instance: /project1, /project2 and /project3. The VirtualHostMonster is used to access project2 directly via www.project2.com: RewriteRule ^/(.*) http://localhost:9080/VirtualHostBase/http/www.project2.com:80/project2/Virt... [P] But both project1 and project3 are also accessible through project2.com over the URLs "http://www.project2.com/project1" and "http://www.project3.com/project3". Is this a known issue? I consider that as a quite serious bug, as both project1 and project3 might be private and should not be published over the globally available apache rewriterule. We do use zope2.10.5 on a debian/etch system. greetings, jonas