How To Disable Web Dav Extensions?Free consultation

WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. Many web servers enable WebDAV extensions by default, even when they are not needed. Because of its added complexity, it is considered good practice to disable WebDAV if it is not currently in use.

1

Customers

2

Case Studies

3

Affiliates

4

Philosophy

We offer cyber security penetration testing and consultancy services to a variety of customers.
Such synergies bring value in to Valency Networks which benefit the customers by having solutions to variety of their requirements.
Such synergies bring value in to Valency Networks which benefit the customers by having solutions to variety of their requirements.
Such synergies bring value in to Valency Networks which benefit the customers by having solutions to variety of their requirements.

What is WebDAV?

WebDAV is Web-based Distributed Authoring and Versioning, an extension to the HTTP protocol to allow for remotely managing content on a webserver. Though the HTTP protocol does define GET, PUT, and DELETE methods, these are not sufficient for proper remote authoring (for instance, HTTP provides no method for creating a remote directory). These extensions are general enough to use a webserver as repository for remote folders: Microsoft's "Web Folders" extension to Windows Explorer implemented this in a way that allowed for mostly-native access to a remote web repository as if it were a local folder right from the Windows desktop.

WebDAV is commonly used by web authoring systems, such as Adobe's Dreamweaver or Microsoft's Expression Web (followon to Frontpage), to publish information to the webserver.

It performs mostly the same functions that FTP does for publishing content, though a bit more efficiently and with features more in line with web publishing than FTP. FTP has always been a somewhat problematic protocol with respect to firewalls, and WebDAV has none of those issues (though WebDAV is reported to have its own issues with proxies).

WebDAV extends, not replaces the existing HTTP protocols, and a WebDAV-enabled server simply responds to a larger command set. This is best illustrated with this table showing the method names for the base HTTP protocol, WebDAV Extensions, and additional extensions supported by Microsoft.

Note that it's not necessary to understand the particulars here, but we feel that putting a new technology in context makes it easier to see where it fits in the big picture: consider it FYI-only.


ProtocolmethodDescription
HTTP GETRetrieves a resource (such as a web page) from the server, possible with a small amount of parameter data in the form of a query. This is the most common HTTP method.
POSTRetrieves a resource with a possibly large number of submitted parameters. This is commonly used by a web browser.
HEADIdentical to a GET request, but returns just the HTTP headers and not the body of the message.
DELETEAttempts to delete a resources; not commonly used by a browser
PUTUploads a version of a document; not commonly used by browsers.
OPTIONS

TRACE

CONNECT

Not commonly used.
WebDAV PROPFINDUsed to retrieve properties, stored as XML, from a resource. It is also overloaded to allow one to retrieve the collection structure (a.k.a. directory hierarchy) of a remote system.
PROPPATCHUsed to change or delete ("patch") multiple properties on a resource in a single atomic act.
MKCOLUsed to create collections (example: a directory).
COPYUsed to copy a resource from one URI to another.
MOVEUsed to move a resource from one URI to another.
LOCKUsed to put a lock on a resource. WebDAV supports both shared and exclusive locks.
UNLOCKTo remove a lock from a resource.
WebDAV w/Microsoft Extensions BCOPYBatched version of COPY
BDELETEBatched version of DELETE
BMOVEBatched version of MOVE
BPROPFINDBatched version of PROPFIND
BPROPPATCHBatched version of PROPPATCH