Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows users to edit and manage files collaboratively on remote World Wide Web servers.
Installing WebDAV in Debian
First, install Apache using the following command
#aptitude install apache2
Enable the WebDAV modules using the following commands
#a2enmod dav_fs
#a2enmod dav
Restart Apache server
#/etc/init.d/apache2 restart
Creating A Virtual Host in Apache
Now create a default Apache vhost in the directory /var/www/webdav. We will modify the default Apache vhost configuration in /etc/apache2/sites-available/default. If you already have a vhost for which you’d like to enable WebDAV, you must adjust this tutorial to your situation.
First, we create the directory /var/www/webdav and make the Apache user (www-data) the owner of that directory
#mkdir -p /var/www/webdav
#chown www-data /var/www/webdav
Then we back up the default Apache vhost configuration (/etc/apache2/sites-available/default) and create our own
#mv /etc/apache2/sites-available/default /etc/apache2/sites-available/default.original
#vi /etc/apache2/sites-available/default
NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/webdav
<Directory /var/www/webdav>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Reload Apache server
#/etc/init.d/apache2 reload
Configure The Virtual Host For WebDAV
Now we create the WebDAV password file /var/www/webdav/passwd.dav with the user testnew
#htpasswd -c /var/www/webdav/passwd.dav testnew
You will be asked to type in a password for the user testnew
Now we change the permissions of the /var/www/webdav/passwd.dav file so that only root and the members of the www-data group can access it
#chown root:www-data /var/www/webdav/passwd.dav
#chmod 640 /var/www/webdav/passwd.dav
Now we modify our vhost in /etc/apache2/sites-available/default and add the following lines to it
#vi /etc/apache2/sites-available/default
Alias /webdav /var/www/webdav
<Location /webdav>
DAV On
AuthType Basic
AuthName "webdav"
AuthUserFile /var/www/webdav/passwd.dav
Require valid-user
</Location>
The Alias directive, together with <Location>, means that WebDAV is invoked when you call /webdav, while you can still access the whole document root of the vhost.
Reload Apache server
#/etc/init.d/apache2 reload
Testing your WebDAV
We will now install cadaver, a command-line WebDAV client for Unix. It supports file upload, download, on-screen display, namespace operations (move/copy), collection creation and deletion, and locking operations.
#apt-get install cadaver
To test if WebDAV works use the following command
#cadaver http://localhost/webdav/
You should be prompted for a user name. Type in testnew and then the password for that user. If all goes well, you should be granted access, which means WebDAV is working. Type quit to leave the WebDAV shell.
Never, **never**, put password files under a web accessible directory.
In this example, any user can take the passwd.dav file via an HTTP request.
Passwords for all users are not directly readable (they are “crypted”),
but it’s easy to crack them using brute force and/or a dictionary attack
(and there are a lot of tools to do that out there).
A safe place for that file could be /var/www/passwd.dav or even better (I
think) /etc/apache2/passwd.dav
I agree with Core: *DON’T PUT passwd.dav UNDER BROWSABLE DIRECTORY*: use /etc/apache2/passwd.dav instead.
Wahoo! Very nice tutorial. Thank you! It worked for me. But I put the passwd.dav file in “/etc/apache2/” as Fabrizio has recommended. 😉
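The placement problem raised in the comments above can be checked mechanically. The following shell function is an added example, not part of the original tutorial or its comments: it reads a vhost file and reports any AuthUserFile that lies under a DocumentRoot or Alias target. The function names and the embedded sample configs are constructed for illustration, and relative AuthUserFile paths are not resolved.

```shell
#!/bin/sh
# Report every AuthUserFile that sits under a DocumentRoot or Alias target.
# Returns 1 if an exposed password file is found, 0 otherwise.
audit_authuserfile() {
    awk '
        # Drop surrounding double quotes and trailing slashes from a path.
        function clean(p) { gsub(/^"|"$/, "", p); sub(/\/+$/, "", p); return p }
        BEGIN { bad = 0 }
        /^[ \t]*#/ { next }                      # skip comment lines
        { directive = tolower($1) }              # directive names are case-insensitive
        directive == "documentroot" { served[clean($2)] = 1 }
        directive == "alias"        { served[clean($3)] = 1 }  # Alias URL-path dir
        directive == "authuserfile" { pwfile[clean($2)] = 1 }
        END {
            # Match on a path boundary so /var/www/webdav2 is not a hit.
            for (f in pwfile)
                for (d in served)
                    if (d != "" && index(f, d "/") == 1) {
                        printf "EXPOSED: %s is inside served directory %s\n", f, d
                        bad = 1
                        break
                    }
            exit bad
        }
    ' "$1"
}

# Constructed sample input: the vhost from this tutorial, plus a copy with the
# password file moved to /etc/apache2 as the comments recommend.
write_samples() {
    cat > "$1/vhost-tutorial.conf" <<'EOF'
DocumentRoot /var/www/webdav
Alias /webdav /var/www/webdav
<Location /webdav>
    DAV On
    AuthType Basic
    AuthName "webdav"
    AuthUserFile /var/www/webdav/passwd.dav
    Require valid-user
</Location>
EOF
    sed 's#AuthUserFile .*#AuthUserFile /etc/apache2/passwd.dav#' \
        "$1/vhost-tutorial.conf" > "$1/vhost-fixed.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_authuserfile "$tmp/vhost-tutorial.conf" || echo "tutorial config: FAIL"
audit_authuserfile "$tmp/vhost-fixed.conf" && echo "fixed config: OK"
rm -rf "$tmp"
```

Pointing the function at /etc/apache2/sites-available/default after following the tutorial gives the same result as the first sample.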