In post which Peter Lawton posted it a while ago about Java forms I haven¦t noticed any problems on those sites. But let¦s say, I have similar problems with Java forms. I have published web server using secure web server publishing rules. What I¦ve done is.. defined listener, attached SSL certificate to listener, next, click, finished. I used host headers for identifing web server which uses https, done, everything works well, I have access through all site fine. Particular web server has implementation of Java forms by our developers. Oooph, developers, developers, developers :-) Since everything worked out, I wanted to include authentication on web server using listener¦s domain log on authentication, which actually works well, but when Java applets gets loaded through web, it loads with some errors. I have asked Java applet designers-coders beacause they provide us official support, they said that no http headers should be modified. Particulary sections KEEP-ALIVE and PRAGMA ?? O.K. I can understand for KEEP-ALIVE, but what is PRAGMA?? Anyway, I¦ve tried some settings on web listener options, preferences, RSA SecurID. None of these options works fine in combination if I am using domain authentication on listener. Does anybody knows how to exclude any http filtering on custom defined listeners, through registry or else ? If it is possible, am I degrading application filtering security on ISA server. "Bit" of text :-) isn¦t it. Anyway thanks a lot guys.