---------------------------------------------------------------- BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> WHEN YOU POST, include all relevant version numbers, log files, and configuration files. Don't make us guess your problem!!! ---------------------------------------------------------------- In the constructor of AuthenticatedServerSocket is the initialization of filterList supposed to be completely commented out (lines 129-133)? The net effect seems to be that the filtered address list is always null and no address filtered ever takes place. If I'm off in left field on this one please explain how to use security.allowedAddresses. I've checked the cvs sources and I'm looking at the most recent version of the file. Adding the unconditional initialization of this.filterList from filterList seems to make the allowedAddresses feature work again. (add line 134) this.filterList = filterList; I'm running this in Win32 (NT 4.0) under Apache 1.3.11. In my jserv.properties I have the following line security.allowedAddresses=127.0.0.1,<my.ip.address.here> I have an Apache web server (1.3.11) on another computer with a JServ (1.1) zone pointing at my computer. That web server / jserv is able to run servlets in the zone configured to be on my computer. JServ.log on my computer shows Connection from <insert-other-computer/its.ip.address.here>. I would have expected to see Connections from <insert-other-computer/its.ip.address.here> are not allowed. Thanks, Dan -- -------------------------------------------------------------- Please read the FAQ! <http://java.apache.org/faq/> To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives and Other: <http://java.apache.org/main/mail.html> Problems?: [EMAIL PROTECTED]