# HOWTO (v1.06): Creating a WebDAV server with apache2

## Pergamon

Introduction: Why WebDAV?

I needed a way to share information (both read and write) as easy as possible with friends in a quite restricted environment (firewall). In many cases, WebDAV which uses standard HTTP port 80 for comunication is a good solution for a file server application.

Clarification: Note that even so a web server is used to host the WebDAV protocol, client access is normally not done via a web browser. A special WebDAV client is required.  Fortunately Gnome, KDE, Windows 2000+XP and Mac OS X all include WebDAV clients. Once this client is correctly configured, explorer/finder/nautilus/konqueror can be used to browse files comfortably. See the "Testing" section below to learn how to configure a WebDAV client.

I am going to use apache-2.0.54-r5 in this howto for setup of the DAV server.

Some house-cleaning

You can skip this chapter, if apache is already installed on you system.

If your system (like mine) is a bit older, chances are that your harddisk is cluttered with different versions of apache config files which have been moved around quite a bit. If you experience problems like apache segfaulting, configs are not where they are supposed to be etc., go for a fresh installation (after backing up whatever you want to keep). It is a good idea to do a 

```
emerge -uD world
```

first, then:

```
emerge unmerge apache

rm -Rf /var/www

rm -Rf /etc/apache2

rm /etc/conf.d/apache2

rm /etc/init.d/apache2

emerge apache

mkdir -p /var/www/localhost/htdocs

```

Now put a smal test http document index.html into /var/www/localhost/htdocs (assuming this is still your standard web space configured in httpd.conf):

```

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>My WebDAV server</title>

</head>

<body>

Hello, world!

</body>

</html>
```

Now start the server:

```
rc-update add apache2 default

/etc/init.d/apache2 start

```

At this point  you should be able to test this page with a standard browser.

Setting up apache2 for WebDAV

Edit /etc/conf.d/apache2 to make sure the dav modules are loaded:

```
APACHE2_OPTS="-D DAV -D DAV_FS"
```

Now create a repository you want to share (/var/dav/mydavserver) and a place for the lock file lockdb (/var/lib/dav/):

```
mkdir -p /var/dav/mydavserver

chown -R apache:apache /var/dav

mkdir -p /var/lib/dav

chown -R apache:apache /var/lib/dav

```

and create user account(s)

For the first user use:

```
htpasswd2 -c /var/dav/.davpasswd mydavuser
```

The -c option creates (or truncates if already existing) the file .davpasswd.

For additional users (existing file .davpasswd) use:

```
htpasswd2 /var/dav/.davpasswd mydavuser
```

(no -c option!)

Now the DAV module needs to be configured. Change the following in /etc/apache2/modules.d/45_mod_dav.conf:

```
<IfDefine DAV>

  <IfModule !mod_dav.c>

    LoadModule dav_module    modules/mod_dav.so

  </IfModule>

</IfDefine>

<IfDefine DAV_FS>

  <IfModule !mod_dav_fs.c>

    LoadModule dav_fs_module   modules/mod_dav_fs.so

  </IfModule>

</IfDefine>

<IfModule mod_dav.c>

    Alias /mydavserver /var/dav/mydavserver

    DavMinTimeout 600

        <Location /mydavserver>

                Options None

                Dav On

                <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>

                        AuthType Basic

                        AuthName "WebDAV Restricted Repository"

                        AuthUserFile /var/dav/.davpasswd

                        Require valid-user

                </Limit>

        </Location>

</IfModule>

<IfModule mod_dav_fs.c>

    # Location of the WebDAV lock database.

    DavLockDB /var/lib/dav/lockdb

</IfModule>
```

If you want to allow standard web browser read access without authentication, remove the "GET" from the LIMIT statement above.

Testing

Testing a WebDAV repository from Windows

* Do not use internet explorer or any other web browser for this test.

* Double click the "Network" icon and select "Add network place". This starts the "Add network place wizzard". Select "Chose another network location" (we don't want MSN  :Wink:  ) and enter http://www.mydomain.com/mydavserver or https://www.mydomain.com/mydavserver if you followed the SSL installation. 

* This should bring up a login box with an info text we configured in 45_mod_dav.conf, "WebDAV Restricted Repository" in our example. Once you see this text, you verified, that WevDAV is active. 

* Now enter the account created with htpasswd2 and you should see your WebDAV directory with Windows explorer. This should work with Windows 2000 and Windows XP (or 2003 Server).

* According to autarkeia, Windows XP sometimes seems to require a portnumer :80 so try: http://www.mydomain.com:80/mydavserver to correctly access web dav repositories.

Testing a WebDAV repository from Mac OS X Tiger

* Do not use any web browser for this test.

* Start Finder, select menu "GO" option "Connect to server".

* enter http://www.mydomain.com/mydavserver or https://www.mydomain.com/mydavserver if you followed the SSL installation. 

* This should bring up a box "WebDAV file system authentication" with information about the URL and realm. The realm again should be exactly what was configured in 45_mod_dav.conf, "WebDAV Restricted Repository" in our example. Once you see this text, you verified, that WevDAV is active. 

* Now enter the account created with htpasswd2 and you should see your WebDAV directory. I tested with Mac OS X 10.4.1.

Testing a WebDAV repository from Gnome

* Do not use web browser functionality for this test.

* Start nautilus, select menu "File", option "Connect to server". Select Service type "WebDAV (Http)" or "Secure WevDAV (HTTP)" if you used SSL.

* Enter www.mydomain.com/mydavserver. This shows a login box ttp://www.mydomain.com/WebDAV Restricted Repository. Note the text configured in 45_mod_dav.conf.

* Now enter the account created with htpasswd2 and you should see your WebDAV directory.

Adding more security

Additionally, SSL can be used to encrypt the client server communication. I will use a certificate generated for free at cacert.org (inspired by a CACERT howto on gentoo-wiki.org).

Go to www.cacert.org to create a free account. Validate your domain mydomain.com which is required to generate a certificate for a server myserver.mydomain.com.

Then generate a certificate request that can be given to cacert.org:

```
cd /etc/apache2/ssl

openssl genrsa -out myserver.mydomain.com.key 1024

openssl req -new -key myserver.mydomain.com.key -out myserver.mydomain.com.csr
```

The second openssl command will ask a number of questions, only "Common Name" is important and should be myserver.mydomain.com. Otherwise cacert wont certify.

Now create a server certificate on cacert.org using the created *.csr file and copy the resulting information into a file myserver.mydomain.com.crt.

Now we need to configure apache. First make sure the SSL module is loaded too, edit /etc/conf.d/apache2 and add the -D SSL:

```
APACHE2_OPTS="-D SSL -D DAV -D DAV_FS"
```

the customize /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf:

```
SSLCertificateFile conf/ssl/myserver.mydomain.com.crt

SSLCertificateKeyFile conf/ssl/myserver.mydomain.com.key
```

Now you can create secure connections from clients by using the connection secure HTTPS URL:

https://myserver.mydomain.com/mydavserver

If you want to allow only SSL access, add (as niltonvolpato pointed out) a SSLRequireSSL into the <Location> section:

```
<Location /mydavserver>

    SSLRequireSSL

    ...

</Location>
```

Trouble shooting

I'll try to list a few reasons for the 403 forbidden error.

 * First of all, a normal web browser will not list a web dav directory, instead you get this forbidden error. Make sure you are actually using a webdav client to access your server and not a web browser. See the testing chapter in the FAQ how build-in webdav clients are used for different client operating systems. Additionally a web browser can be used to access a single file, so entering the webdav-url + file-name should work too.

If you get messages like: "client denied by server configuration: /var/dav/svn", try:

 * In some configurations of apache config (httpd.conf) inherited permissions deny access. Adding:

```

        ...

        AllowOverride None

        Order allow,deny

        Allow from all

    </Location>

```

to our Location directive in 45_mod_dav.conf should fix that.

 * Make sure, your webdav repository has group and owner of the username of apache server (ususally 'apache')

 * Double check the account creation via htpasswd2 (cat /var/dav/.davpasswd and verify that all required user account are there.)

 * Check the apache configuration in 45_mod_dav.conf

 * Check the logs (/var/log/apache)

 * Verify that standard web functionality is working (e.g. using the small test html file created above.)

 * If connecting from Windows XP fails, try to add a port number :80 into the connection URL: http://www.mydomain.com:80/mydavserver this seems to be a work around for some XP issues.

Credits

This got me started:

https://forums.gentoo.org/viewtopic-t-259786-highlight-moddav+howto.html

http://gentoo-wiki.com/HOWTO_cacert.org_SSL_certificates

Further information

http://httpd.apache.org/docs-2.0/mod/mod_dav.html

History

2005-06-04: v1.01: Some beautification, no essential changes.

2005-06-04: v1.02: clarification on usage of htpasswd2

2005-06-16: v1.03: Expanded testing section and created troubleshooting section

2005-07-03: v1.04: Added tip for connecting from Windows XP using port number :80

2005-08-03: v1.05: Fix for access-denied because of inherited permissions added

2005-08-11: v1.06: Tip for ssl-only access to WebDAV added, SSLRequireSSLLast edited by Pergamon on Thu Aug 11, 2005 11:55 am; edited 11 times in total

----------

## gtaluvit

You may also want to add, that if you are using authentication, not using SSL, and trying to connect with WindowsXP, that you have to either specify the port in Add Network Places, or use a # on the end of your folder.  So:

```

http://myserver:80/myfolder

http://myserver/myfolder/#

```

If you see Microsoft-WebDAV-MiniRedir accesses in your access logs with PROPFIND 401 500's, or you keep trying to connect and WinXP keeps throwing the domain name infront of your username, that's why.  You want to see Microsoft Data Access Internet Publishing Provider DAV 1.1 instead which will connect correctly.

----------

## mallchin

I am trying to connect with nautilus but it says:

Nautilus cannot display "dav://ganymede"

Please select another niewer and try again.

Hrm...

And this in the logs:

```

[Sat May 21 15:40:28 2005] [notice] child pid 4302 exit signal Segmentation fault (11)

```

----------

## Pergamon

@mallchin: In the beginning I had those segfaults too. The apache guys seems to have made internal changes that will cause segfaults, if you are working on a system that is not completely up-to-date or not properly rebuild after emerge of latest apache. (Read the warning notes after emerge of apache). This is basically why I wrote the "Housecleaning" section in the beginning of the FAQ - this was how I got it working.

@gtaluvit: I put a reference of your tricks into the howto, thanks.

----------

## mallchin

Pergamon, yep, I saw the notice at the end of the latest build and hadn't rebuilt my apache modules, I will try that...

----------

## apberzerk

I just tried all this, but when I go to mywebsite/mydavserver I get a 403 Forbidden.  I have no idea what I am doing, so all I did was follow the instructions exactly.  Any idea what I did wrong?

- Phil

----------

## timfreeman

That just happened to me, it was because I have directory listing off by default -- accessing a file in the dav directory worked.

----------

## Pergamon

I'll try to list a few reasons for the 403 forbidden error.

 * First of all, a normal web browser will not list a web dav directory, instead you get this forbidden error. Make sure you are actually using a webdav client to access your server and not a web browser. See the testing chapter in the FAQ how build-in webdav clients are used for different client operating systems. Additionally a web browser can be used to access a single file, so entering the webdav-url + file-name should work too.

 * Make sure, your webdav repository has group and owner of the username of apache server (ususally 'apache')

 * Double check the account creation via htpasswd2

 * Check the apache configuration in 45_mod_dav.conf

 * Check the logs (/var/log/apache)

 * Verify that standard web functionality is working (e.g. using the small test html file created above.)

----------

## apberzerk

Ah ok, I see now.  Yeah, I wasn't even sure how to USE it, I just wanted to set it up because I heard it can be used to display calendars/schedules.  But I found a thing called phpicalendar that does what I want it to do, instead.  Thanks.

----------

## cerb

Hi,

Thanks for the good HOWTO.  It seems to work basically - Apache starts without errors  :Razz: 

But when I try to connect (MAC OS Tiger) I get errors that it couldn't find the server.  This is not true.  An ngrep on the server reveils the following:

```

T client:54850 -> server:80 [AP]

OPTIONS /cerbdav/ HTTP/1.1.

User-Agent: WebDAVFS/1.3 (01308000) Darwin/8.1.0 (Power Macintosh).

Accept: */*.

Content-Length: 0.

Connection: keep-alive.

Host: www.server.de.

.

T server:80 -> client:54850 [A]

HTTP/1.1 403 Forbidden.

Date: Fri, 03 Jun 2005 08:59:24 GMT.

Server: Apache/2.0.52 (Gentoo/Linux) mod_perl/1.99_11 Perl/v5.8.5 mod_ssl/2.0.52 OpenSSL/0.9.7d DAV/2 PHP/5.0.3.

Vary: accept-language,accept-charset.

Accept-Ranges: bytes.

Keep-Alive: timeout=15, max=100.

Connection: Keep-Alive.

Transfer-Encoding: chunked.

Content-Type: text/html; charset=iso-8859-1.

Content-Language: en.

.

1e.

<?xml version="1.0" encoding=".

a.

ISO-8859-1.

a5.

"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang=".

e.

en" xml:lang=".

13.

en">

<head>

<title>.

38.

Access forbidden!</title>

<link rev="made" href="mailto:.

131.

admin@server.de" />

<style type="text/css"><!--/*--><![CDATA[/*><!--*/ 

    body { color: #000000; background-color: #FFFFFF; }

    a:link { color: #0000CC; }

    p, address {margin-left: 3em;}

    span {font-size: smaller;}

/*]]>*/--></style>

</head>

<body>

<img src=/server.de.Administration.jpg>

<br>

<h1>.

1b.

Access forbidden!</h1>

<p>

.

4.

  .

90.

    You don't have permission to access the requested directory.

    There is either no index document or the directory is read-protected.

  .

2.

.

9.

</p>

<p>

.

48.

If you think this is a server error, please contact

the <a href="mailto:.

1e.

admin@server.de">webmaster</a>.

.

11.

</p>

<h2>Error .

21.

403</h2>

<address>

  <a href="/">.

18.

www.server.de</a><br />

  .

9

T 62.141.42.76:80 -> 195.234.128.9:54850 [AP]

.

  <span>.

21.

Fri Jun  3 10:59:24 2005<br />

  .

8a.

Apache/2.0.52 (Gentoo/Linux) mod_perl/1.99_11 Perl/v5.8.5 mod_ssl/2.0.52 OpenSSL/0.9.7d DAV/2 PHP/5.0.3</span>

</address>

</body>

</html>

.

1.

.

0.

.

```

Permissions on the directory are OK:

```

drwxr-xr-x  3 apache apache 104 Jun  3 10:31 /var/dav

drwxr-xr-x  2 apache apache 48 Jun  3 10:47 /var/dav/cerbdav

drwxr-xr-x  2 apache apache 72 Feb  2 22:52 /var/lib/dav

```

The Apache-log states:

```

[Fri Jun 03 10:59:24 2005] [error] [client client] client denied by server configuration: /var/dav/cerbdav/

```

My config is the following:

```

<IfDefine DAV>

  <IfModule !mod_dav.c>

    LoadModule dav_module    modules/mod_dav.so

  </IfModule>

</IfDefine>

<IfDefine DAV_FS>

  <IfModule !mod_dav_fs.c>

    LoadModule dav_fs_module   modules/mod_dav_fs.so

  </IfModule>

</IfDefine>

<IfModule mod_dav.c>

    Alias /cerbdav /var/dav/cerbdav

    DavMinTimeout 600

        <Location /cerbdav>

                Options None

                Dav On

                <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>

                        AuthType Basic

                        AuthName "cerbfs WedDAV Restricted Repository"

                        AuthUserFile /var/dav/.davpasswd

                        Require valid-user

                </Limit>

        </Location>

</IfModule>

<IfModule mod_dav_fs.c>

    # Location of the WebDAV lock database.

    DavLockDB /var/lib/dav/lockdb

</IfModule>

```

Any suggestions would be appreciated.

Brgds,

cerbfs

----------

## Pergamon

I tested this with Mac OS X Tiger 10.4.1 and didn't have any problems.

A few suggestions (but it is a bit digging in the dark, since your setup seems ok):

 - If you set up a small web page on your apache, does that work?

 - if that works, can you access a single file in your webdav browser not using a webdav client but a web browser (as discussed above?)

 - Did you try other webdav clients? (e.g. kde, gnome or windows?)Last edited by Pergamon on Sat Jun 04, 2005 3:50 pm; edited 1 time in total

----------

## catalYst

I'm having the same problem and I've combed through this Howto three times now very very carefully.  I've tested it in Gnome (nautilus), evolution and Windows XP (ie), they all act as though my password is wrong or something.  Irritating to say the least.

----------

## Pergamon

this information is now included in the howto itself

Just to make sure we are trying the same thing, I'll try to provide more details for usage with different operating systems.

Note: if you followed the howto version before 1.02 and created more than one user account, only the last account created with "htpasswd -c" is available. The -c option used with htpasswd truncates the password file each time and deletes old users. See corrections above.

Testing a WebDAV repository from Windows

* Do not use internet explorer or any other web browser for this test.

* Double click the "Network" icon and select "Add network place". This starts the "Add network place wizzard". Select "Chose another network location" (we don't want MSN  :Wink:  ) and enter http://www.mydomain.com/mydavserver or https://www.mydomain.com/mydavserver if you followed the SSL installation. 

* This should bring up a login box with an info text we configured in 45_mod_dav.conf, "WebDAV Restricted Repository" in our example. Once you see this text, you verified, that WevDAV is active. 

* Now enter the account created with htpasswd2 and you should see your WebDAV directory with Windows explorer. This should work with Windows 2000 and Windows XP (or 2003 Server).

Testing a WebDAV repository from Mac OS X Tiger

* Do not use any web browser for this test.

* Start Finder, select menu "GO" option "Connect to server".

* enter http://www.mydomain.com/mydavserver or https://www.mydomain.com/mydavserver if you followed the SSL installation. 

* This should bring up a box "WebDAV file system authentication" with information about the URL and realm. The realm again should be exactly what was configured in 45_mod_dav.conf, "WebDAV Restricted Repository" in our example. Once you see this text, you verified, that WevDAV is active. 

* Now enter the account created with htpasswd2 and you should see your WebDAV directory. I tested with Mac OS X 10.4.1.

Testing a WebDAV repository from Gnome

* Do not use web browser functionality for this test.

* Start nautilus, select menu "File", option "Connect to server". Select Service type "WebDAV (Http)" or "Secure WevDAV (HTTP)" if you used SSL.

* Enter www.mydomain.com/mydavserver. This shows a login box ttp://www.mydomain.com/WebDAV Restricted Repository. Note the text configured in 45_mod_dav.conf.

* Now enter the account created with htpasswd2 and you should see your WebDAV directory.

More trouble shooting

* Check apache logs in /var/log/apache

* cat /var/dav/.davpasswd and verify that all required user account are there.

* verify directory permissions

* verify 45_mod_dav.conf.

----------

## CB2206

Thanks a lot for the great howto, Pergamon. Its working great here.

One question still remains. Is it in any way possible to let mod_dav support symlinks?

----------

## bwoo

I'm still having problems after following the HOWTO at least 5 times!

I'm using WinXP.

Here is an extract from my access_log:

[20/Jun/2005:09:28:25 -0400] "PROPFIND /mydavserver HTTP/1.1" 403 319 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"

And from my error_log

[Mon Jun 20 09:33:43 2005] [error] [client AAA.BBB.CCC.DDD] client denied by server configuration: /var/dav/mydavserver

Every time I enter my username and password, it comes back with the same dialog box, except that my username is now "http://www.myserver.com/mydavserver\mydavuser"

Can anyone help?

Thanks in advnace

----------

## Pergamon

@CB2206: Symlinks. I never tried this myself with webdav, but I read a post about someone who has used symlinks within a standard web site successfully. This did work as long as the symlinks target was owned by the user context running apache2. (apache in standard installations). So make sure the files in questions are chown apache:apache.

@bwoo: Did you try just to put a standard HTML page on apaches web space (as suggested in the howto) and to access this with a standard browser? Did you check if apache is really running with user name "apache"?

Once standard web stuff does work, you could try to remove the "GET" restriction in the limit statement of 45_mod_dav.conf. (See howto) After this you should be able to get files with a standard web browser without authentication. Directory browsing will not work, so you have to point to a single file with the browsers URL. This should allow to narrow down this issue.

----------

## bwoo

Pergamon,

I do have the index.html file you mentioned and I also tried removing the GET directive.

Here is what I got:

the index.html shows properly

after removing the GET directive, I tried to log in, and it still asks for the password!

Also, despite the fac that in the AuthName section, I have "WebDAV Restricted Repository", it just says "Connecting to www.myserver.com"

I've been reading elsewhere that XP tends to have a problem logging on..

any other ideas?

b

----------

## Pergamon

If XP isn't giving the comment you configured in AuthName, then XP isn't talking WebDAV to the apache at all.

Are you sure, that the apache web dav modules are loaded?

Did apache2 start correctly? I sometimes had problems after restarting apache2: it wouldn't always cleanly restart. I noticed when only one instance of apache2 was visible on "ps -A", there would be problems. Removing this process and restarting sometimes helped. While apache2 was ok, several processes apache2 where shown.

Is there a way to test your installation with a different Web Dav client (e.g. linux KDE or Gnome or MAC OS X)?

----------

## bwoo

Pergamon,

I'm pretty sure that the webdav modules are loaded. apache2 seems to have started properly. in my error_log, is the following entry when I start Apache. I noticed DAV in there so, I'm guessing that it started properly.

[Tue Jun 21 08:14:04 2005] [notice] Apache/2.0.54 (Gentoo/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7e DAV/2 PHP/4.3.11 configured -- resuming normal operations

In some of the other forums I have read that XP has a problem because it doesn't implement the right director or something like that. Unfortunately, I don't have another web dav client. I see 9 total apache2 entries when I do a "ps -A".

b

----------

## Pergamon

I rechecked this with three different XP boxes (they are all Windows XP with SP2 installed). No problem at all.

What versions of apache / Windows XP are you using?

Could you post your 45_mod_dav.conf?

----------

## bwoo

45_mod_dav.conf below:

 *Quote:*   

> <IfDefine DAV>
> 
>   <IfModule !mod_dav.c>
> 
>     LoadModule dav_module    modules/mod_dav.so
> ...

 

I'm using apache 2.0.54 and windows xp pro sp2

----------

## Pergamon

Included this within the troube shooting section of the how-to

I found this:

 *Quote:*   

> And apparently through inherited permissions in the apache config, this was not allowing writes. Adding:
> 
> AllowOverride None
> 
> Order allow,deny
> ...

 

in http://www.linuxquestions.org/questions/archive/2/2003/10/4/109615

otherwise, as you already mentioned, there are bizare reports about XP not playing well:

like: http://mailman.lyra.org/pipermail/dav-dev/2005-January/005808.htmlLast edited by Pergamon on Wed Aug 03, 2005 8:16 am; edited 1 time in total

----------

## bwoo

I tried the suggested entries above the <Limit> lines, but still the same.. incorrect AuthName being presented!

b

----------

## Pergamon

Maybe it is necessary to look into the protocol exchange on the wire.

If you are not using SSL, you can use

```
ngrep port 80
```

on the webdav server to log the interaction between client and server. Check that for a standard web browser access and compare with web dav access.

Unfortunately my server runs SSL (everything ngrep shows is encoded then), and I cannot change this for some time. 

Maybe someone else can post a working access log of XP client to web dav server?

----------

## bwoo

OK, I have no idea what I'm looking at, but here is the result of ngrep port 80:

 *Quote:*   

> ####
> 
> T 65.115.32.226:40754 -> 192.168.0.12:80 [AP]
> 
>   PROPFIND /mydavserver HTTP/1.1..Depth: 0..translate: f..User-Agent: Microso
> ...

 

----------

## autarkeia

I was wrestling with all of these options and Windows XP's totally wonky Web Folders WebDAV client, and someone here suggested putting the ":80" into the URL so that it looks like this: http://www.domain.com:80/davdirectory . I toyed around with changing configs for hours before I finally tried this, and it worked. FYI the authentication dialog box that pops up when using this method looks different than the standard authentication dialog box. Actually, I had a weird sequence of events:

I put in :80 into the URL and entered into the New Network Place dialog box

A different authentication dialog box than normal popped up. I entered my username and password and it connected successfully.

The drive mounted, and I was asked if I wanted to view it immediately. I said "Yes."

The "normal" authentication dialog box popped up. I clicked cancel.

The "other" authentication dialog box (exactly like in step 2) popped up again, with none of my data filled in, even though I had selected "Save my data..." in the previous attempt

I entered in my login and password a second time, and then everything just worked right.

It sounds wonky, and it is, but it worked. I have attempted to get Windows XP to work with WebDAV many times, and there are just tons of reports all over the Net about how M$ screwd up the client in some weird way. This worked for me.

YMMV.

----------

## arkepp

Hi,

I also got

```
[Tue Aug 02 14:21:21 2005] [error] [client 192.168.1.60] client denied by server configuration: /var/dav/svn
```

but Pergamon's suggestion

```
AllowOverride None

Order allow,deny

Allow from all 
```

(in the Directory section) worked beautifully.

I suggest making it standard in the tutorial. I had just moved everything onto a new server and started with "fresh" configuration files, so I think almost everyone will need it. I wonder how long it would have taken me to figure this one out  :Wink:  thanks again

----------

## Pergamon

I added both the XP port 80 trick (autarkeia) and the permission inheritence thing (arkepp) to the trouble shooting section of the how-to. Normaly, this (AllowOverride None | Order allow,deny | Allow from all) should be the standard permissions already present in httpd.conf.

----------

## niltonvolpato

Is there any way to permit only secure webdav connection and deny non secure connections in the webdav directories? But, of course, still permit non-secure http for the others sites on the same apache server.

This is for security reasons, so an user will not type his/her password in clear text.

Thanks,

-- Nilton

----------

## Pergamon

Just a pointer:

I found a hint here. (See chapter "Set up access rules to the WebDAV directory". )

It seems that one can move the WebDAV directory defintions (<location> .. </location>) from 45_mod_dav.conf into the 

SSL only vhost configuration.

If you figure out how to do this with Gentoo, I would add this to the howto.

Update: It seems that /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf is the place to define locations that should be accessed only via SSL. Can somebody confirm that?

----------

## niltonvolpato

 *niltonvolpato wrote:*   

> Is there any way to permit only secure webdav connection and deny non secure connections in the webdav directories? But, of course, still permit non-secure http for the others sites on the same apache server.

 

I found it! It suffices to put SSLRequireSSL inside Location, this way:

```
<Location /mydavserver>

    SSLRequireSSL

    ...

</Location>
```

This way connections through http will be forbidden, only https connection will work. One thing that is important to note is that mod_ssl is loaded before mod_dav, in my modules.d directory 40_mod_ssl.conf comes earlier than 45_mod_dav.conf (the numbers indicate the loading order). But I think this should be a default for gentoo installations.

Thanks Pergamon,

-- Nilton

----------

## Pergamon

Thanks niltonvolpato, added the SSLRequireSSL tip into the howto.

----------

## spil

Tip for Windows compatibility:

don't use a slash to terminate the alias, e.g.

```
Alias /dav /var/dav

not

Alias /dav/ /var/dav/
```

Windows XP SP2 will strip the trailing slash of the path making your connection fail, e.g.

```
http://gentoo/dav/

returns

x.x.x.x - - [18/Sep/2005:12:25:19 +0200] "OPTIONS /dav HTTP/1.1" 401 521 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
```

----------

## stillman

thank you for this nice intro to webdav, much better than the documentation on the mod_dav-website. one thing i noticed at my fresh installation of apache is the location of modules.d, in my case it is /etc/apache2/conf/modules.d

----------

## jlongs2

My access_log has entries like these:

```
127.0.0.1 - - [06/Oct/2005:11:29:25 -0500] "PROPFIND /dav HTTP/1.1" 405 293

127.0.0.1 - - [06/Oct/2005:11:29:25 -0500] "HEAD /dav HTTP/1.1" 301 -

127.0.0.1 - - [06/Oct/2005:11:29:25 -0500] "HEAD /dav/ HTTP/1.1" 200 -
```

Nautilus says "Couldn't display "dav://csdept@acm.cs.uic.edu/dav". The location is not a folder."

45_mod_dav.conf:

```

<IfDefine DAV>

  <IfModule !mod_dav.c>

    LoadModule dav_module    modules/mod_dav.so

  </IfModule>

</IfDefine>

<IfDefine DAV_FS>

  <IfModule !mod_dav_fs.c>

    LoadModule dav_fs_module   modules/mod_dav_fs.so

  </IfModule>

</IfDefine>

<IfModule mod_dav.c>

    DavMinTimeout 600

        <Location /dav>

                Dav On

                <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>

                        AuthType Basic

                        AuthName "WebDAV Restricted"

                        AuthUserFile /var/www/localhost/DAV/.htdavpasswd

                        Require user csdept

                </Limit>

                AllowOverride None

                Order allow,deny

                Allow from all

        </Location>

</IfModule>

<IfModule mod_dav_fs.c>

    # Location of the WebDAV lock database.

    DavLockDB /var/lib/dav/lockdb

</IfModule>

```

edit: I was editing /etc/apache2/conf/modules.d/45_mod_dav.conf, not /etc/apache2/modules.d/45_mod_dav.conf.  Fixed.

----------

## olt

great how-to. thanks.

----------

## wayt

Thanks for a nice How-To. It allowed me to get a WebDAV repository up and working in about 15 minutes.

Windows Explorer and Mac OS X Finder both login fine and can save and copy files to and from the repository.

But for some reason, Apple's iCal program refuses to publish a calendar to the site. That's the primary reason I created the repository, so this is frustrating.

When I select iCal's "Publish..." menu option, enter a base URL of "http://gentoo/private" (same as I do to connect in Explorer or Finder), my login and password, then click the Publish button, iCal responds:

Publish failed for calendar "WWG"

Connection to gentoo failed because it is unreachable or down.

Neither of which is true, of course. Both the server and the client are on the same LAN, BTW.

Has anyone got iCal successfully uploading its calendar to a gentoo-based WebDAV server? Any tips to make this work?

----------

## ptfoof

Pergamon,

Good job.  This is a pretty well written HOWTO.  I had a few problems, but they were minor and my fault.

ptfoof

----------

## quantum0726

Thanks for the great HowTo!

With exception of taking a good hour to realize that not adding 'AllowOverride All' to the conf file for web_dav, I couldn't add Indexes with a .htaccess file, I got it up and working in short time.

I have one question though, is there a way to give different users different access?

For example, let's say I want no anonymous connections (i.e. GET requires even a user); I want user 'foo' to be able to GET and PROPFIND, but not write in any way; I want user 'bar' to have full access, read and write.  Using the 'require user foo' and 'require user bar' I should be able to set up two separate <Limit> statements, but I'm too sure how to set the requirements to ensure that anonymous users get no access.

----------

## quantum0726

 *wayt wrote:*   

> Has anyone got iCal successfully uploading its calendar to a gentoo-based WebDAV server? Any tips to make this work?

 

I am able to get iCal working fine, but so far no https access.  My guess is that since my server has an invalid cert. (going to try to follow the link in this HowTo to get that fixed...it's been busted for some time now) it's rejecting the connection and not prompting as Finder does.  If I disable SSL on the WebDAV share it publishes fine.  Which version of iCal/OS X are you using?

----------

## M1Sports20

How would you do this with userdirs

I like how each user has a public_html dir right now.  could I do webdav with this

----------

## dkaplowitz

Great guide. Worked like a charm. Thanks!

----------

## zbindere

Is it possible to setup different subfolders for different users, so that only a user with the right permission can access his folder?

----------

## superczar

I'm having a spot of trouble, followed the guide many times on a clean system, just installed apache. Can't connect from either of my OS X Tiger machines to my gentoo server/workstation.

Here's my access log.

 *Quote:*   

> 192.168.0.152 - - [15/Dec/2006:23:39:03 -0800] "OPTIONS /idisk/ HTTP/1.1" 403 10

 

Here's my error log.

 *Quote:*   

> [Fri Dec 15 23:39:03 2006] [error] [client 192.168.0.152] (13)Permission denied: access to /idisk/ denied

 

All I get is 403 errors no auth window or anything useful.

I can view html files from outside the webdav folder but not from inside it, whether or not I have restricted GET access.

Here's my 45_mod_dav.conf file 

 *Quote:*   

> <IfDefine DAV>
> 
>    <IfModule !mod_dav.c>
> 
>      LoadModule dav_module    modules/mod_dav.so
> ...

 

My file/folder permissions are good... apache:apache rwx r-x r-x....

Apache is running as apache:apache

I'm using the finder to connect, not a web browser... (although i've tried to access an html file from a webbrowser to no avail).

Any ideas? (it's being called idisk, cause eventually it's gonna act as a fake idisk server, but for now plain ol' webdav would do nicely).

----------

## M1Sports20

This is a great howto.  I am able to connect to my webdav server from both linux and windows.  However I have a Microsoft Windows Vista Client.  It won't connect.  I tried both the port trick (append :80) and append # trick described on the first page of this thread.

Here is what the apache log looks like

access_log

```

12.210.97.5 - - [21/Jan/2007:23:06:38 -0600] "PROPFIND / HTTP/1.1" 207 817

12.210.97.5 - - [21/Jan/2007:23:06:38 -0600] "PROPFIND / HTTP/1.1" 207 817

12.210.97.5 - - [21/Jan/2007:23:06:45 -0600] "PROPFIND / HTTP/1.1" 207 817

```

error_log -- Has nothing.

Anyone have any clue whats going on.  Did Microsoft break the standard.

----------

## Sakkath

Why don't you warn before saying 'rm -rf /var/www'?

----------

## Caffeine

Great HowTo!

Has anybody managed to get this working for users other than apache? I'd like to be able to setup access to user homedirs and have the webdav process switch to the user's UID. I'd be happy setting up a virtual host per user.  I've had a look here: http://httpd.apache.org/docs/2.2/mod/mpm_common.html#user but it seems that the User directive no longer works within a <VirtualHost> section. 

This must be a reasonably common request I'd have thought.

Cheers,

Dkam

----------

## ailpein

I can not connect with my webdav server. I try many trick's but it still doesn't work! 

I need help...

When I look at : http://localhost/

I see:

Hello, world!

So apache is working. When I use nautilus to look at localhost/webdavserver or cadaver to open: localhost/mydavserver, I 've :

Could not contact server:

403 Forbidden

This is my 45_mod_dav.conf 

<IfDefine DAV>

  <IfModule !mod_dav.c>

    LoadModule dav_module    modules/mod_dav.so

  </IfModule>

</IfDefine>

<IfDefine DAV_FS>

  <IfModule !mod_dav_fs.c>

    LoadModule dav_fs_module   modules/mod_dav_fs.so

  </IfModule>

</IfDefine>

<IfModule mod_dav.c>

    Alias /mydavserver /var/dav/mydavserver

    DavMinTimeout 600

        <Location /mydavserver>

                Options None

                Dav On

                <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>

                        AuthType Basic

                        AuthName "WebDAV Restricted Repository"

                        AuthUserFile /var/dav/.davpasswd

                        Require valid-user

                </Limit>

        </Location>

</IfModule>

<IfModule mod_dav_fs.c>

    # Location of the WebDAV lock database.

    DavLockDB /var/lib/dav/lockdb

</IfModule>

And folders:

drwxr-xr-x  3 apache apache 112 XII 17 22:12 dav

-rw-r--r--  1 root   root    22 XII 17 22:12 .davpasswd

drwxr-xr-x  2 apache apache  48 XII 17 22:11 mydavserver

Options in /etc/conf.d/apache:

APACHE2_OPTS="-D DAV -D DAV_FS -D DEFAULT_VHOST -D INFO -D LANGUAGE -D SUEXEC"

Thanks for help.

----------

## notHerbert

I couldn't get it to work with nautilus - must be some kind of gnome problem.

But it works fine with cadaver and KNetAttach.   :Smile: 

----------

