[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] Identical http request in log file
I've experienced strange entries in the transfer.log of my apache 1.3.23.
This apache is protected via .htaccess files and is the only service I
provide to selected users.
The entries look like this:
aaa.bbb.ccc.ddd - - [31/Jan/2004:00:01:29 +0100] "GET / HTTP/1.1" 401 494
22.214.171.124 - - [31/Jan/2004:00:01:30 +0100] "GET / HTTP/1.1" 401 494
aaa.bbb.ccc.ddd - - [31/Jan/2004:00:09:00 +0100] "GET / HTTP/1.1" 401 494
126.96.36.199 - - [31/Jan/2004:00:09:01 +0100] "GET / HTTP/1.1" 401 494
aaa.bbb.ccc.ddd - - [31/Jan/2004:00:17:41 +0100] "GET / HTTP/1.1" 401 494
188.8.131.52 - - [31/Jan/2004:00:17:42 +0100] "GET / HTTP/1.1" 401 494
aaa.bbb.ccc.ddd is the ip of one of my users who is just accessing the
htaccess-dialog. Every request that is made, is doubled from a different ip.
If the user logs in with a valid account then the "doubled" request gets a
Is this a security problem at my site? How can I prevent this without
limiting access to certain ip addresses? I'm using SuSE 8.0 with all patches
Any hint is appreciated. Thanks in advance.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here