From 6beeb1b708550be0d4a53b272283e17e5e35fe17 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:01:30 +0200 Subject: Adding upstream version 2.4.57. Signed-off-by: Daniel Baumann --- docs/manual/mod/mod_dav.html.en | 281 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 281 insertions(+) create mode 100644 docs/manual/mod/mod_dav.html.en (limited to 'docs/manual/mod/mod_dav.html.en') diff --git a/docs/manual/mod/mod_dav.html.en b/docs/manual/mod/mod_dav.html.en new file mode 100644 index 0000000..7fd8a91 --- /dev/null +++ b/docs/manual/mod/mod_dav.html.en @@ -0,0 +1,281 @@ + + + + + +mod_dav - Apache HTTP Server Version 2.4 + + + + + + + +
+

Modules | Directives | FAQ | Glossary | Sitemap

+

Apache HTTP Server Version 2.4

+
+
<-
+ +
+

Apache Module mod_dav

+
+

Available Languages:  en  | + fr  | + ja  | + ko 

+
+ + + +
Description:Distributed Authoring and Versioning +(WebDAV) functionality
Status:Extension
Module Identifier:dav_module
Source File:mod_dav.c
+

Summary

+ +

This module provides class 1 and class 2 WebDAV ('Web-based Distributed + Authoring and Versioning') functionality for Apache. This + extension to the HTTP protocol allows creating, moving, + copying, and deleting resources and collections on a remote web + server.

+
+ +
top
+
+

Enabling WebDAV

+

To enable mod_dav, add the following to a + container in your httpd.conf file:

+ + 
Dav On
+ + +

This enables the DAV file system provider, which is implemented + by the mod_dav_fs module. Therefore, that module + must be compiled into the server or loaded at runtime using the + LoadModule directive.

+ +

In addition, a location for the DAV lock database must be + specified in the global section of your httpd.conf + file using the DavLockDB + directive:

+ + 
DavLockDB /usr/local/apache2/var/DavLock
+ + +

The directory containing the lock database file must be + writable by the User + and Group under which + Apache is running.

+ +

You may wish to add a <Limit> clause inside the <Location> directive to limit access to + DAV-enabled locations. If you want to set the maximum amount of + bytes that a DAV client can send at one request, you have to use + the LimitXMLRequestBody + directive. The "normal" LimitRequestBody directive has no effect on DAV + requests.

+ +

Full Example

DavLockDB "/usr/local/apache2/var/DavLock"
+
+<Directory "/usr/local/apache2/htdocs/foo">
+    Require all granted
+    Dav On
+
+    AuthType Basic
+    AuthName DAV
+    AuthUserFile "user.passwd"
+
+    <LimitExcept GET POST OPTIONS>
+        Require user admin
+    </LimitExcept>
+</Directory>
+
+ +
top
+
+

Security Issues

+ +

Since DAV access methods allow remote clients to manipulate + files on the server, you must take particular care to assure that + your server is secure before enabling mod_dav.

+ +

Any location on the server where DAV is enabled should be + protected by authentication. The use of HTTP Basic Authentication + is not recommended. You should use at least HTTP Digest + Authentication, which is provided by the + mod_auth_digest module. Nearly all WebDAV clients + support this authentication method. An alternative is Basic + Authentication over an SSL enabled + connection.

+ +

In order for mod_dav to manage files, it must + be able to write to the directories and files under its control + using the User and + Group under which + Apache is running. New files created will also be owned by this + User and Group. For this reason, it is + important to control access to this account. The DAV repository + is considered private to Apache; modifying files outside of Apache + (for example using FTP or filesystem-level tools) should not be + allowed.

+ +

mod_dav may be subject to various kinds of + denial-of-service attacks. The LimitXMLRequestBody directive can be + used to limit the amount of memory consumed in parsing large DAV + requests. The DavDepthInfinity directive can be + used to prevent PROPFIND requests on a very large + repository from consuming large amounts of memory. Another + possible denial-of-service attack involves a client simply filling + up all available disk space with many large files. There is no + direct way to prevent this in Apache, so you should avoid giving + DAV access to untrusted users.

+
top
+
+

Complex Configurations

+ +

One common request is to use mod_dav to + manipulate dynamic files (PHP scripts, CGI scripts, etc). This is + difficult because a GET request will always run the + script, rather than downloading its contents. One way to avoid + this is to map two different URLs to the content, one of which + will run the script, and one of which will allow it to be + downloaded and manipulated with DAV.

+ +
Alias "/phparea" "/home/gstein/php_files"
+Alias "/php-source" "/home/gstein/php_files"
+<Location "/php-source">
+    Dav On
+    ForceType text/plain
+</Location>
+ + +

With this setup, http://example.com/phparea can be + used to access the output of the PHP scripts, and + http://example.com/php-source can be used with a DAV + client to manipulate them.

+
+
top
+

Dav Directive

+ + + + + + + +
Description:Enable WebDAV HTTP methods
Syntax:Dav On|Off|provider-name
Default:Dav Off
Context:directory
Status:Extension
Module:mod_dav
+

Use the Dav directive to enable the + WebDAV HTTP methods for the given container:

+ + 
<Location "/foo">
+    Dav On
+</Location>
+ + +

The value On is actually an alias for the default + provider filesystem which is served by the mod_dav_fs module. Note, that once you have DAV enabled + for some location, it cannot be disabled for sublocations. + For a complete configuration example have a look at the section above.

+ +
+ Do not enable WebDAV until you have secured your server. Otherwise + everyone will be able to distribute files on your system. +
+ +
+
top
+

DavDepthInfinity Directive

+ + + + + + + +
Description:Allow PROPFIND, Depth: Infinity requests
Syntax:DavDepthInfinity on|off
Default:DavDepthInfinity off
Context:server config, virtual host, directory
Status:Extension
Module:mod_dav
+

Use the DavDepthInfinity directive to + allow the processing of PROPFIND requests containing the + header 'Depth: Infinity'. Because this type of request could constitute + a denial-of-service attack, by default it is not allowed.

+ +
+
top
+

DavMinTimeout Directive

+ + + + + + + +
Description:Minimum amount of time the server holds a lock on +a DAV resource
Syntax:DavMinTimeout seconds
Default:DavMinTimeout 0
Context:server config, virtual host, directory
Status:Extension
Module:mod_dav
+

When a client requests a DAV resource lock, it can also + specify a time when the lock will be automatically removed by + the server. This value is only a request, and the server can + ignore it or inform the client of an arbitrary value.

+ +

Use the DavMinTimeout directive to specify, in + seconds, the minimum lock timeout to return to a client. + Microsoft Web Folders defaults to a timeout of 120 seconds; the + DavMinTimeout can override this to a higher value + (like 600 seconds) to reduce the chance of the client losing + the lock due to network latency.

+ +

Example

<Location "/MSWord">
+    DavMinTimeout 600
+</Location>
+
+ +
+
+
+

Available Languages:  en  | + fr  | + ja  | + ko 

+
top

Comments

Notice:
This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.
+
+ \ No newline at end of file -- cgit v1.2.3