Christoph's - WebDAV

Using WebDAV-powered "Web Folders" with Windows XP SP2

WebDAV, which is short for "Web-based Distributed Authoring and Versioning", is a technology that builds on the HTTP protocol by adding methods like HTTP PUT to store and manage files. Almost all Operating Systems today come with a WebDAV client bundled in, which makes this protocol a simple alternative to full-blown SMB/CIFS or NFS solutions.

However, when I recently tried to mount a WebDAV resource with Windows XP SP2, I was surprised to see that - although the share worked quite fine some months ago - I could now no longer authenticate. The username/password-Prompt just kept popping up as if the combination entered had been rejected.

Digging into the log files I found something strange: The Windows box did not even try to authenticate. All I saw were unsuccessful attempts at retrieving information about the root WebDAV folder without any login supplied. The following is an example line from my webserver's access log:

IP - - [TIME] "PROPFIND /dav HTTP/1.1" 401 523 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"

After hours of searching for possible causes I finally discovered a document titled Changes to Functionality in Microsoft Windows XP Service Pack 2 which states that with Service Pack 2 installed, the WebDAV Redirector would simply no longer try to authenticate at all when using Basic Authentication.

I was indeed using Basic Authentication as I did not expect any attackers in my LAN, so just switching to Digest Authentication solved the matter for me, but for everyone just starting with WebDAV here's a short HOWTO on setting up WebDAV-powered "Web Folders". The system layout I am using is Debian GNU/Linux 3.1 running Apache httpd 2 (apache2):

The first step towards working Web Folders is installing apache2 and configuring the required modules. This is as simple as typing

apt-get install apache2-mpm-prefork apache2-utils
cd /etc/apache2/mods-enabled/
ln -s ../mods-available/dav.load
ln -s ../mods-available/dav_fs.load
ln -s ../mods-available/dav_fs.conf
ln -s ../mods-available/auth_digest.load

This installs apache2 with the prefork multi-processing module, some useful utilities and enables all modules required for WebDAV and Digest Authentication.

For Digest Authentication, which uses a MD5 hash of username, password, the HTTP request and a nonce instead of transmitting the login in plain text, a different file format is used than for Basic Authentication, so we now need to create a new htpasswd file used exclusively for Digest Authentication:

cd /etc/apache2/
htdigest -c htusers.digest "Private Area" johndoe

Next, we create the directory that will serve as our Web Folder and make it owned by the user apache2 run as:

cd /var/www/
mkdir dav
chown www-data dav
chgrp www-data dav

Finally, we edit the VirtualHost section in /etc/apache2/sites-enabled/default to contain a block like the following

<Location /dav>
	Order allow,deny
	Allow from
	Allow from
	AuthType Digest
	AuthName "Private Area"
	AuthDigestDomain /dav/
	AuthDigestFile /etc/apache2/htusers.digest
	AuthAuthoritative on
	Require valid-user
	Satisfy any

	ForceType application/x-downloadable
	SetEnv redirect-carefully

This will do four things:

That's it. We are done and can now use the ressource in Windows XP. I know of three possible ways to open a Web Folder in Windows XP:

If you experience trouble connecting to your Web Folder, check your server configuration by using a working WebDAV client like DAV Explorer...