Time for another enhancement for the Apache web server. If you followed my other 2 Apache postings, you will have a secure web server configuration which has SSL enabled and is monitored by the mod_security application level firewall. Now it is time to setup the WebDAV module so that you can use your web server as an external file storage.

The first step is to activate the dav_fs module:

a2enmod dav_fs

The rest of the configuration needs to be done inside one of your virtual host configuration files. Please note that it is recommended to enable the WebDAV service in an SSL secured virtual host, because Windows seems to have issues connecting to WebDAV services which are not secured via SSL.

In the first Apache tutorial we have created the virtual host foobar.org. To add the WebDAV service to that virtual host, open the configuration file /etc/apache2/sites-available/foobar.org and add a new Directory-directive into the SSL-enabled VirtualHost:

<virtualhost *:443>
        SSLEngine On
        ....
        <Directory /srv/www/vhosts/foobar.org/httpsdocs/webdav>
                DAV On
                AllowOverride AuthConfig
                AuthType Basic
                AuthName "WebDAV Login"
                AuthUserFile /srv/www/vhosts/foobar.org/webdav-users
                Require valid-user
        </Directory>
</VirtualHost>

The above configuration defines a new subdirectory in the foobar.org SSL webspace which has the WebDAV module activated and is secured via a basic login mechanism. So if you try to access the address https://www.foobar.org/webdav you will be prompted for a login and password. The logins are stored in the file /srv/www/vhosts/foobar.org/webdav-users. We need to create this file and define a valid user:

htpasswd -c /srv/www/vhosts/foobar.org/webdav-users username

Where username ist the login you would like to use. You will be prompted for a password and the user will be created in the specified file.

Now create the webdav directory and make it writeable for the Apache server:

mkdir /srv/www/vhosts/foobar.org/httpsdocs/webdav
chown www-data.www.data /srv/www/vhosts/foobar.org/httpsdocs/webdav
chmod g+w /srv/www/vhosts/foobar.org/httpsdocs/webdav

That’s it. After restarting your Apache server, you can now mount the above directory via WebDAV with the address https://www.foobar.org/webdav and use it as an external file store.

If you want to restrict only write access to the WebDAV directory and allow read-only access to anybody, replace Require valid-user with:

<LimitExcept GET>
        Require valid-user
</LimitExcept>

This change will only require a login when uploading, modifying or deleting files in the WebDAV directory. You could also enable directory browsing with the following configuration setting:

Options Indexes

Should you use mod_security you also need to disable some rules which would block WebDAV traffic. This is best done inside of the above Directory-directive:

<IfModule mod_security2.c>
        SecRuleRemoveById 960032 960038 960904
</IfModule>

Please note that the rule ids may change depending on the mod_security version you use. So if WebDAV does not seem to work, take a look at the mod_security audition log to see which rules are blocking your traffic.