Setting up WebDAV with Apache
July 2, 2009,
Web based storage with WebDAV can be set up in minutes using the Apache webserver.
WebDAV is a way to share files via web technologies. It is an extension of HTTP, the protocol on which the WWW is based. The WWW is everywhere these days and, including on phones and other mobile devices. File storage via the web therefore makes sense. File storage with WebDAV is becoming more common. Apple has iDisks and several providers, such as XS4ALL in the Netherlands, offer WebDAV based storage to their customers.
Setting up your own WebDAV server is not difficult at all with the right technologies. In the Apache webserver there is very solid support for WebDAV and setting it up is done within minutes. But please remember, as always, the devil is in the details, so we want to warn you in advance: if you are setting up WebDAV shares keep in mind that first of all you should have proper security. You don't want people from all over the Internet be able to download sensitive data from your WebDAV server, or worse, upload data you don't want to your WebDAV share. Second of all you will need to train users to use it properly. Having a shared storage is very convenient and powerful, but it soon might be a network bottleneck, especially if the WebDAV server is not the same network, but in a datacenter.
In Apache 2.0 and 2.2 there are a few modules that provide WebDAV support. The first one is mod_dav. This module takes care of all the new HTTP methods and status codes. The second module is mod_dav_fs. This module implements the storage backend with which data can be stored to and read from a file system. Depending on the operating system you use these modules might or might not be installed with the base distribution of Apache httpd.
To enable WebDAV you should add the following lines to the configuration (typically in the main httpd.conf configuration):
LoadModule dav_module modules/mod_dav.so LoadModule dav_fs_module modules/mod_dav_fs.so
The file system backend of mod_dav_fs uses a database for locking, which should be defined as well to make sure locking of files works:
<IfModule mod_dav_fs.c> DAVLockDB /var/lib/dav/lockdb </IfModule>
A simple configuration for a virtual host could look like this (note: this is of course not a complete configuration):
<VirtualHost 10.0.0.1> DocumentRoot "/path/to/dav/domain/" ServerAdmin root@localhost ServerName dav.local <Directory /path/to/dav/domain/> Dav On </Directory> </VirtualHost>
This should be enough to have the vhost handle WebDAV requests.
Because WebDAV uses HTTP it means you can use the default security mechanisms in HTTP, such as HTTPS and HTTP authentication. Most clients can easily handle HTTP Basic authentication and some of them can do HTTP Digest as well. Using HTTPS with HTTP Basic authentication should be enough for most applications though.
Adding HTTP Basic authentication (note: this is just the authentication, not the SSL part) to the configuration is easy:
<Directory /path/to/dav/domain/> Dav On AuthUserFile /path/to/authusersfile AuthName "Experimental DAV facility" AuthType Basic <LimitExcept OPTIONS> Require valid-user </LimitExcept> </Directory>
In this configuration the HTTP OPTIONS command is explicitely allowed for all clients. This is to work around a bug in one of the default clients in Windows XP.
You should keep in mind that files are stored and read as the user the web server runs as. Access control should therefor not be implemented in the file system, but on a different level, like Apache authentication. However, most WebDAV clients don't work nicely with different access control in subdirectories, which we will detail in a later article.