Hi Jim,
This might have something to do with my other post about the .htaccess file for banning hotlinked images. I did try to adjust the code for the .htaccess file for hotlinking, so I don't know if these errors were because of that. I have since put the coding back to the way it was. But I was curious to know if these errors were due to that change. I had a visitor come on the site in a normal fashion, using a Google search. At first all the codes were HTTP/1.1" 200s. They were on the site for about 30 minutes. They were using the shopping cart. Coding changed to HTTP/1.1" 304 when using the cart. Then they left. They came back an hour later to the shopping cart and got an HTTP/1.1" 302, but quickly returned to the HTTP/1.1" 304s. Then they tried to log in about 15 minutes later and started getting 403 Forbidden codes.
97.91.69.nn - - [06/Apr/2011:14:13:36 -0400] "GET /catalog/images/w.gif HTTP/1.1" 403 4243 "h**ps://mysiteA.com/catalog/login.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; WinTSI 30.12.2009; .NET4.0C; BRI/1; BRI/2)"
When they left the cart, they got the 500 error:
97.91.69.nn - - [06/Apr/2011:12:48:09 -0400] "GET /catalog/images/bunny.jpg HTTP/1.1" 500 3506 "h**p://www.mysiteA.com/catalog/bunnies.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; WinTSI 30.12.2009; .NET4.0C; BRI/1; BRI/2)"
Then back to the 403 forbidden error:
97.91.69.nn - - [06/Apr/2011:12:48:09 -0400] "GET /catalog/images/bunnies.jpg HTTP/1.1" 403 4243 "h**p://www.mysiteA.com/catalog/bunnies.php" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729; WinTSI 30.12.2009; .NET4.0C; BRI/1; BRI/2)"
They were able to go all the way from trying to log in to creating an account and checking shipping rates, all the while Apache was throwing 403 errors. How is that possible?
I have since this episode had another customer come on the site and go all the way through the process of buying an item without any problems.
The error logs show these entries:
[Wed Apr 06 12:48:09 2011] [alert] [client 97.91.69.nn] /path to/ .htaccess: deny requires at least two arguments, 'from' followed by hostnames or IP-address wildcards, referer: h**p://www.mysiteA.com/catalog/php page
and these:
[Wed Apr 06 1:48:09 2011] [alert] [client 97.91.69.nn] /path to/.htaccess: RewriteCond: bad argument line '%{HTTP_USER_A', referer: mywebsite
[Wed Apr 06 1:48:09 2011] [alert] [client 97.91.69.nn] /path to/.htaccess: RewriteCond: bad argument line '', referer: mywebsite
[Wed Apr 06 1:48:09 2011] [alert] [client 97.91.69.nn] /path to/.htaccess: RewriteCond: bad argument line '', referer: mywebsite
[Wed Apr 06 1:48:09 2011] [alert] [client 97.91.69.nn] /path to/.htaccess: RewriteCond: bad argument line '%', referer: mywebsite
[Wed Apr 06 1:48:09 2011] [alert] [client 97.91.69.nn] /path to/.htaccess: RewriteCond: bad argument line '%', referer: mywebsite
The visitor also had Apache throwing some 206s. I've never had a visitor go through so many HTTP codes. Is this my server's problem, or was the visitor up to no good?
--Grandma_genie