[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Identical http request in log file



Hi list,

I've experienced strange entries in the transfer.log of my apache 1.3.23.
This apache is protected via .htaccess files and is the only service I
provide to selected users.

The entries look like this:

aaa.bbb.ccc.ddd - - [31/Jan/2004:00:01:29 +0100] "GET / HTTP/1.1" 401 494
65.166.64.132 - - [31/Jan/2004:00:01:30 +0100] "GET / HTTP/1.1" 401 494

aaa.bbb.ccc.ddd - - [31/Jan/2004:00:09:00 +0100] "GET / HTTP/1.1" 401 494
217.169.46.98 - - [31/Jan/2004:00:09:01 +0100] "GET / HTTP/1.1" 401 494

aaa.bbb.ccc.ddd - - [31/Jan/2004:00:17:41 +0100] "GET / HTTP/1.1" 401 494
65.245.128.68 - - [31/Jan/2004:00:17:42 +0100] "GET / HTTP/1.1" 401 494

aaa.bbb.ccc.ddd is the ip of one of my users who is just accessing the
htaccess-dialog. Every request that is made, is doubled from a different ip.
If the user logs in with a valid account then the "doubled" request gets a
401.

Is this a security problem at my site? How can I prevent this without
limiting access to certain ip addresses? I'm using SuSE 8.0 with all patches
applied.

Any hint is appreciated. Thanks in advance.

Regards,
Andreas


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here