WebDAV, which is short for "Web-based Distributed Authoring and Versioning", is a technology that builds on the HTTP protocol by adding methods like HTTP PUT to store and manage files. Almost all Operating Systems today come with a WebDAV client bundled in, which makes this protocol a simple alternative to full-blown SMB/CIFS or NFS solutions.
However, when I recently tried to mount a WebDAV resource with Windows XP SP2, I was surprised to see that - although the share worked quite fine some months ago - I could now no longer authenticate. The username/password-Prompt just kept popping up as if the combination entered had been rejected.
Digging into the log files I found something strange: The Windows box did not even try to authenticate. All I saw were unsuccessful attempts at retrieving information about the root WebDAV folder without any login supplied. The following is an example line from my webserver's access log:
IP - - [TIME] "PROPFIND /dav HTTP/1.1" 401 523 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
After hours of searching for possible causes I finally discovered a document titled Changes to Functionality in Microsoft Windows XP Service Pack 2 which states that with Service Pack 2 installed, the WebDAV Redirector would simply no longer try to authenticate at all when using Basic Authentication.
I was indeed using Basic Authentication as I did not expect any attackers in my LAN, so just switching to Digest Authentication solved the matter for me, but for everyone just starting with WebDAV here's a short HOWTO on setting up WebDAV-powered "Web Folders". The system layout I am using is Debian GNU/Linux 3.1 running Apache httpd 2 (apache2):
The first step towards working Web Folders is installing apache2 and configuring the required modules. This is as simple as typing
apt-get install apache2-mpm-prefork apache2-utils cd /etc/apache2/mods-enabled/ ln -s ../mods-available/dav.load ln -s ../mods-available/dav_fs.load ln -s ../mods-available/dav_fs.conf ln -s ../mods-available/auth_digest.load
This installs apache2 with the prefork multi-processing module, some useful utilities and enables all modules required for WebDAV and Digest Authentication.
For Digest Authentication, which uses a MD5 hash of username, password, the HTTP request and a nonce instead of transmitting the login in plain text, a different file format is used than for Basic Authentication, so we now need to create a new htpasswd file used exclusively for Digest Authentication:
cd /etc/apache2/ htdigest -c htusers.digest "Private Area" johndoe
Next, we create the directory that will serve as our Web Folder and make it owned by the user apache2 run as:
cd /var/www/ mkdir dav chown www-data dav chgrp www-data dav
Finally, we edit the VirtualHost section in /etc/apache2/sites-enabled/default to contain a block like the following
<Location /dav> DAV On Order allow,deny Allow from 127.0.0.1/255.255.255.255 Allow from 192.168.0.0/255.255.255.0 AuthType Digest AuthName "Private Area" AuthDigestDomain /dav/ AuthDigestFile /etc/apache2/htusers.digest AuthAuthoritative on Require valid-user Satisfy any ForceType application/x-downloadable SetEnv redirect-carefully </Location>
This will do four things:
That's it. We are done and can now use the ressource in Windows XP. I know of three possible ways to open a Web Folder in Windows XP:
If you experience trouble connecting to your Web Folder, check your server configuration by using a working WebDAV client like DAV Explorer...