diff --git a/slapos/recipe/erp5/__init__.py b/slapos/recipe/erp5/__init__.py
index df9f1959ec27681ce3dfdd49350ce7dd6c8b8ed7..b0a4dda45d25ef825e1f2f3b48b50837b095b4ee 100644
--- a/slapos/recipe/erp5/__init__.py
+++ b/slapos/recipe/erp5/__init__.py
@@ -794,6 +794,8 @@ class Recipe(BaseSlapRecipe):
               config=apache_config_file
             )
           ]))
+    # Note: IPv6 is assumed always
+    return 'https://[%(ip)s]:%(port)s' % apache_conf
 
   def installBackendApache(self, ip, port, backend, key, certificate,
       suffix='', access_control_string=None):
diff --git a/slapos/recipe/erp5/template/site.zcml b/slapos/recipe/erp5/template/site.zcml
index 648fc6c9970ee7292e7f2fdd722a152e7b621c25..47454428ef0282edeab26b4bb96edf57bce2f33c 100644
--- a/slapos/recipe/erp5/template/site.zcml
+++ b/slapos/recipe/erp5/template/site.zcml
@@ -3,10 +3,10 @@
     xmlns:meta="http://namespaces.zope.org/meta"
     xmlns:five="http://namespaces.zope.org/five">
 
-  <include package="Zope2.App" />
   <include package="Products.Five" />
   <meta:redefinePermission from="zope2.Public" to="zope.Public" />
 
+
   <!-- Load the meta -->
   <include files="package-includes/*-meta.zcml" />
   <five:loadProducts file="meta.zcml"/>
@@ -19,7 +19,8 @@
   <includeOverrides files="package-includes/*-overrides.zcml" />
   <five:loadProductsOverrides />
 
+
   <securityPolicy
-      component="AccessControl.security.SecurityPolicy" />
+      component="Products.Five.security.FiveSecurityPolicy" />
 
 </configure>
diff --git a/slapos/recipe/vifib.py b/slapos/recipe/vifib.py
index d092663a2ed5e1a50390d22c229c82013e70629e..a33248f6e3cd2834c7594079de26ec494512e240 100644
--- a/slapos/recipe/vifib.py
+++ b/slapos/recipe/vifib.py
@@ -147,6 +147,9 @@ SSLCARevocationPath %(ca_crl)s"""
         login_url_list)
     apache_login = self.installBackendApache(self.getGlobalIPv6Address(), 15000,
         login_haproxy, backend_key, backend_certificate)
+    apache_frontend_login = self.installFrontendZopeApache(
+        self.getGlobalIPv6Address(), 4443, 'vifib', '/',
+        apache_login, '/', backend_key, backend_certificate)
     # Four Web Service Nodes (Machine access)
     service_url_list = []
     for i in (1, 2, 3, 4):
@@ -170,6 +173,7 @@ SSLCARevocationPath %(ca_crl)s"""
         known_tid_storage_identifier_dict, 'http://'+login_haproxy)
     self.linkBinary()
     self.setConnectionDict(dict(
+      front_end_url=apache_frontend_login,
       site_url=apache_login,
       site_user=user,
       site_password=password,
diff --git a/software/vifib/software.cfg b/software/vifib/software.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..5a5fc10f5caf084676cdcc56762f74cb2734c592
--- /dev/null
+++ b/software/vifib/software.cfg
@@ -0,0 +1,31 @@
+[buildout]
+extends =
+  ../erp5/software.cfg
+
+parts +=
+  vifib
+
+[eggs]
+eggs += slapos.core
+
+[instance-recipe]
+egg = slapos.cookbook
+module = vifib
+
+[vifib]
+# Recipe zerokspot.recipe.git is disabled, as is not possible to change its
+# environment to use localy delivered git.
+# plone.recipe.command can do same job, but it is controllable which binary
+# will be used
+recipe = plone.recipe.command
+location = ${buildout:parts-directory}/${:_buildout_section_name_}
+stop-on-error = true
+repository = http://git.erp5.org/repos/slapos.core.git
+command = ${git:location}/bin/git clone --quiet ${:repository} ${:location}
+update-command = cd ${:location} && ${git:location}/bin/git pull --quiet
+
+[products]
+# XXX: Lack of eggification workaround
+# list of products, possible to extend, it is passed in reversed way
+# to allow overriding during extending profile
+list = ${products-deps:location} ${erp5:location}/product ${vifib:location}/master/product
diff --git a/stack/erp5.cfg b/stack/erp5.cfg
index b5b8c12690c01adb1e243df8ae2527281bdfb453..fb29895a3764f8457aba79415c26d76cbae25e6b 100644
--- a/stack/erp5.cfg
+++ b/stack/erp5.cfg
@@ -9,6 +9,22 @@ find-links =
     http://dist.repoze.org
     http://www.nexedi.org/static/packages/source/
 
+# Separate from site eggs
+allowed-eggs-from-site-packages =
+include-site-packages = false
+exec-sitecustomize = false
+
+# Use only quite well working sites.
+allow-hosts =
+  *.nexedi.org
+  *.python.org
+  *.sourceforge.net
+  dist.repoze.org
+  effbot.org
+  github.com
+  psutil.googlecode.com
+  www.dabeaz.com
+
 extends =
 # Exact version of Zope
   http://svn.zope.org/repos/main/Zope/tags/2.12.18/versions.cfg