IP Address Issues

Along with possible hacker problems


Mobarushi

1:03 am on Jan 20, 2006 (gmt 0)

10+ Year Member



Hello,

As I was checking my access log I came across IPs that have no reason to be in the log or on my site. Here is what the log contained:

71.128.***.181 "GET / HTTP/1.0" 200 888
71.193.***.55 "GET / HTTP/1.0" 401 476
66.234.***.251 "HEAD / HTTP/1.0" 401 -

Could these be an attempt to hack my server or such?

This also brings me to my next question:

Is it possible to allow only specific IP addresses to have access to my site?

If so could someone tell me or guide me to a place that could help me out in doing so?

Thanks in advance for reading this.

[edited by: jdMorgan at 1:13 am (utc) on Jan. 20, 2006]
[edit reason] Obscured specifics per TOS. [/edit]

jdMorgan

1:27 am on Jan 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How do you know that the SBC dial-up user and the Comcast cable user have no reason to be on your site?

It's possible they were trying to log in, but that could be curiosity rather than malicious activity; there's no way to tell except by watching their long-term behaviour.

The last entry belongs to a corporation, which may or may not have had a valid reason to be visiting you, but the other two could just be users.

You can control access to your site by IP address if you wish, but you need to be aware of a couple of things:
First, IP addresses are not assigned in any particular order, so, for example, it takes several hundred lines of code to block, say, China, while allowing Australia and New Zealand through.

Second, all these hundreds of lines of code are executed for each HTTP request to your server, that is, once for each page, and once again for each image, external JS or CSS file, etc. on that page. Because of this, the impact on server performance can be large. For that reason, a hardware firewall is a better solution if you need to block or allow a large number of IP addresses or address ranges.

You also have to keep up with the day-to-day changes in IP range assignments; a range of addresses previously allocated to a country or area in which you have no interest could be re-assigned to serve users in your prime market area.

If, on the other hand, you have a very short list of IP addresses or IP address ranges you want to allow, then that can be implemented easily, and should be fairly easy to maintain as long as those IP addresses are static and not dynamically-assigned.

I'm not sure what the scope of your question is -- more info on blocking by country can be found by searching for GeoIP and similar keywords.

Jim

Mobarushi

1:45 am on Jan 20, 2006 (gmt 0)

10+ Year Member



I just now received this log entry:

71.8.***.75 "GET / HTTP/1.0" 401 476

The way I know that SBC or a Comcast cable user are not "supposed" to access my site/ server is that I created this server for a select handful of people and none of those people have SBC or Comcast cable.

If "they" just "GET / HTTP/1.0" is that a big deal?

Also, I posted a day or two ago concerning creating a password. Thank you very much. I know this doesn't make me "immune" from being hacked, but does it reduce the risks of being "hacked"?

>"If, on the other hand, you have a very short list of IP addresses or IP address ranges you want to allow, then that can be implemented easily, and should be fairly easy to maintain as long as those IP addresses are static and not dynamically-assigned."

Regarding the IP issue: I just want to allow only a few (let's say 5) people to access this server, as you worded it up there. Do I need to create an .htaccess file or something?

Again much thanks for your help.

jdMorgan

1:56 am on Jan 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Most 'hacks' are not going to be done via HTTP, unless you allow HTTP to activate scripts that have glaring security holes in them. Most real hack jobs are done using FTP -- or even worse -- direct server shell access.

The 401 response shows that your server asked for a password and got an invalid response.

You can use mod_rewrite [httpd.apache.org] or mod_access [httpd.apache.org] to control access by IP address if you don't feel that password protection is adequate.

Jim

Mobarushi

2:55 am on Jan 20, 2006 (gmt 0)

10+ Year Member



Thank you for the information.

Concerning the code for the select users... I tried this in my .htaccess file located in my directory:

Order Deny,Allow
Deny from all
Allow from x.x
Allow from x.x
Allow from x.x

The reason for only the 2, uhh (I really don't know how to term it; we could say that x.x is 1.1, which would allow all IP addresses with 1.1 to access my site).

I didn't change anything in the httpd.default file.

I checked to see if the code worked by entering an IP address other than my IP address but it wouldn't restrict me from accessing the site. Is this because I am the administrator? Or is it because the code above isn't right?

Could you possibly correct the code? I hope it isn't too vague for you to understand what I am trying to say.

jdMorgan

3:00 am on Jan 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You'll have to flush your browser cache before testing, otherwise, you'll get a cached page from your browser.

Your code looks OK.

The groups of digits are called 'octets' because they are the decimal representation of eight-bit IP address groups.

Jim

Mobarushi

4:03 am on Jan 20, 2006 (gmt 0)

10+ Year Member



I tried to flush the cache out. I also made sure I restarted Apache, but it still prompted me for a password and allowed me in. Could it be because of me entering a correct password that it would override the .htaccess file?

I also tried to put:

Order Deny,Allow
Deny from all

in my .htaccess file but I still was able to access the site.

This is not of great importance and doesn't require immediate attention.

I was wondering what the HTTP/1.0 was for. Does it give out any information or such?

Thanks.

jdMorgan

4:50 pm on Jan 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It sounds like a "Satisfy any" directive is present in one or more of the .htaccess files in the filepath, or in httpd.conf. This would allow access if either the IP is allowed or a correct password is entered.

You can try forcing "Satisfy all" to see if that helps.

See Apache core [httpd.apache.org] Satisfy, and the Apache Authentication primer [httpd.apache.org].

Jim
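An added .htaccess example (not from this thread or its participants) showing the "Satisfy any" behaviour Jim describes beside the "Satisfy all" fix, combined with the IP allow-list from the earlier post. The addresses (192.0.2.10, 198.51.100.0/24) and the .htpasswd path are assumed placeholders; the Order/Allow/Deny/Satisfy directives are Apache 2.2-style, which is what the thread is using.

```apacheconf
# Added example (not from this thread): Apache 2.2-style .htaccess that
# requires BOTH a password AND an allowed client IP.
# Placeholders: 192.0.2.10 and 198.51.100.0/24 stand in for the handful
# of permitted users' static addresses; /path/to/.htpasswd is an assumed
# location outside the web root.

# Password protection (the part already working in the thread)
AuthType Basic
AuthName "Private server"
AuthUserFile /path/to/.htpasswd
Require valid-user

# IP allow-list: deny everyone, then list the exceptions
Order Deny,Allow
Deny from all
Allow from 192.0.2.10
Allow from 198.51.100.0/24

# Weak setting: a request is admitted if EITHER the IP is allowed OR a
# valid password is supplied. With this in effect (here or inherited
# from httpd.conf / a parent .htaccess), an unlisted address still gets
# in just by knowing the password, which is what the poster observed.
#Satisfy any

# Corrected setting: BOTH checks must pass. An unlisted address receives
# 403 even with valid credentials; a listed address still receives 401
# until it authenticates. Stating it here overrides an inherited "any".
Satisfy all
```

To confirm the change took effect, request the page from an address not in the list and expect a 403 regardless of credentials; on Apache 2.4 these directives live in mod_access_compat and the native equivalent is `Require ip` inside `<RequireAll>`.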