WebDAV stands for 'Web-based Distributed Authoring and Versioning'. Normally HTTP protocol provides internet users with the read access on web files. So, anybody will be able to read/execute the website files, but will not be able to write on to the underlying web files. The webdav module is an extension to the HTTP protocol which allows the users to edit the web files. Hence, it can be used as a support tool for remote software development teams where multiple users can manage and modify the remote files simultaneously through internet.
The webDAV feature is facilitated through the use of the Apache module mod_dav.
WebDAV can be enabled in Apache using the following steps.
1. Installing the web_dav Module
a. For older Apache versions- apache 1.3.x
We can dynamically compile the module mod_dav on apache. We can get the source from
http://www.webdav.org/mod_dav/. Download the compressed source file and extract it.
You can compile it using the following steps.
$ make install
Move on to the apache modules directory (probably /usr/local/apache/libexec) and verify
the libdav.so module. Yes, We have done with the installation part.
b. For Apache 2.x versions
For these versions, mod_dav module is available in the apache installation package itself. You need to recompile apache with –enable-dav option in “./configure”
2. Loading the installed module on Apache
a. If the module is statically compiled on apache, you will be able to see the mod_dav module already loaded, using the command “httpd –l”
b. If the module is dynamically compiled as in step 1.a, you need to load the module using the “LoadModule” directive in apache configuration file, probably /usr/local/apache/conf/httpd.conf
LoadModule dav_module libexec/libdav.so
3. Configuring the DAV directives
Following are the mandatory configurations for enabling webdav.
a. Enable DAV for the required directory
For this, you will just need to add the following line within <Directory> or <Location> directive.
If the DAV directive is within a <Directory> directive, then DAV will be enabled for that particular directory and its subdirectories. For a <Location> directive, then DAV will be enabled for that portion of the URL namespace.
b. Specify the Lock Database
Locking is required to ensure concurrency control. You should use the “DAVLockDB” directive (outside of <Directory> or <Location> containers or within <VirtualHost> container) to mention the directory in which lock files should be created and also the filename need to be used by the mod_dav. The directory should exist and should be writable by the Apache process.
Mod_dav module will create lock files inside the directory ‘/usr/local/apache/var’ when needed with the filename prefix ‘DAVLock’.
c. Specify Lock Timeout minimums (Optional)
The directive “DAVMinTimeout” specifies the minimum lifetime of a lock in seconds and can be given outside or inside of <Directory> / <Location> directive.
4. Creating and Authorizing the WebDAV Directory
We should create the webdav directory and make sure it is writable by apache process (change the ownership of the directory to the user running apache).
For security purposes, we need to authorize the users to use the webdav directory and should apply access controls. This can be done as follows.
a. Creating a password file to authorize users
htpasswd –c /home/www/webdav/.DAVlogin webdav
This will enable the user “webdav”
b. Access controls need to be provided using either <Limit> or <LimitExcept> directive. For <Limit> directive, you need to explicitly mention all methods need to be secured. For <LimitExcept> you can restrict all methods except the listed methods.
Finally, a sample configuration might look like the following.
AuthName "Restricted Access"
<LimitExcept GET HEAD OPTIONS>
Require user webdav
5. Restart Apache
Apache needs to be restarted for the modifications on apache configuration to take effect.
Now you will be able to access webdav through the internet browser or using any webdav enabled client software like JEdit.