Hi list, I've experienced strange entries in the transfer.log of my apache 1.3.23. This apache is protected via .htaccess files and is the only service I provide to selected users. The entries look like this: aaa.bbb.ccc.ddd - - [31/Jan/2004:00:01:29 +0100] "GET / HTTP/1.1" 401 494 65.166.64.132 - - [31/Jan/2004:00:01:30 +0100] "GET / HTTP/1.1" 401 494 aaa.bbb.ccc.ddd - - [31/Jan/2004:00:09:00 +0100] "GET / HTTP/1.1" 401 494 217.169.46.98 - - [31/Jan/2004:00:09:01 +0100] "GET / HTTP/1.1" 401 494 aaa.bbb.ccc.ddd - - [31/Jan/2004:00:17:41 +0100] "GET / HTTP/1.1" 401 494 65.245.128.68 - - [31/Jan/2004:00:17:42 +0100] "GET / HTTP/1.1" 401 494 aaa.bbb.ccc.ddd is the ip of one of my users who is just accessing the htaccess-dialog. Every request that is made, is doubled from a different ip. If the user logs in with a valid account then the "doubled" request gets a 401. Is this a security problem at my site? How can I prevent this without limiting access to certain ip addresses? I'm using SuSE 8.0 with all patches applied. Any hint is appreciated. Thanks in advance. Regards, Andreas