Solved

Setting up WebDAV with Apache2 on Unix (Mac)

Posted on 2008-10-02
13
1,347 Views
Last Modified: 2013-12-23
I am having a hard time getting WebDAV to work on my Apache Server.  I think I have followed the instructions correctly, but with so many flavors of Unix and Linux and version of Apache, I can't be sure I've got everything straight.  Can someone please walk me through this?  Apache is working and I can access my site directory via http.  Here are the relevant parts of my httpd.conf file:

LoadModule dav_module libexec/apache2/mod_dav.so
LoadModule dav_fs_module libexec/apache2/mod_dav_fs.so

DocumentRoot "/Library/WebServer/Documents"

# First, we configure the "default" to be a very restrictive set of features.
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory /Library/WebServer/Documents>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<Directory /users/MyUserName/Sites/MySubfolder/>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "WebDAVUsers"
    AuthType Digest
    AuthUserFile /etc/apache2/digestpwd
</Directory>


/users/MyUserName/Sites is the user level document root where I keep my website's documents.  MySubfolder is the directory I want to access via WebDAV.


Mike

0
Comment
Question by:shacho
  • 9
  • 4
13 Comments
 
LVL 4

Assisted Solution

by:urgoll
urgoll earned 500 total points
ID: 22626366
(please refer to the code snippet section)

You first need to setup a place for DAVFS to store its locks. This is done with the DavLockDB statement, where  /var/run/apache2 is a directory where the user running apache2 has write access.

Next, you need to specify a URI that will match your physical file location (/users/MyUserName/Sites/MySubfolder) and configure it for DAV access. If you just copy-paste the content of the code snippet, you should be able to connect to your WebDAV folder using the URL :  http://yourserver/dav

Of course, change the URI as you see fit.

Hope this helps.
DavLockDB       /var/run/apache2/DavLock
 

Alias /dav /users/MyUserName/Sites/MySubfolder

<Location /dav>

    Dav on

    Order allow,deny

    Allow from all

    AuthName "WebDAVUsers"

    AuthType Digest

    AuthUserFile /etc/apache2/digestpwd

</Location>

Open in new window

0
 

Author Comment

by:shacho
ID: 22629654
Awesome!  OK - I can connect now, thanks very much to you.  I added the following line in order to activate password authentication:

Require User BlahBlahBlah

Alias /dav /users/MyUserName/Sites/MySubfolder
<Location /dav>
    Dav on
    Order allow,deny
    Allow from all
    AuthName "WebDAVUsers"
    AuthType Digest
    AuthUserFile /etc/apache2/digestpwd
    Require User BlahBlahBlah
</Location>

It does indeed ask me for a password, but it doesn't like the name and password I supplied.

The apache access.log says:
10.0.1.1 - - [03/Oct/2008:08:22:53 +0900] "PROPFIND /dav HTTP/1.1" 401 401

This is what I used to create the password file:
htdigest -c /etc/apache2/digestpwd WebDAVUsers BlahBlahBlah

I guessed with the 'realm' field entry of "WebDAVUsers".  I'm not sure what it's for.


Mike
 
0
 
LVL 4

Assisted Solution

by:urgoll
urgoll earned 500 total points
ID: 22630354
The first issue I see is that you have authentication directives both in the <Directory> and <Location> section, so I recommend removing them from the <Directory> section.

Second, it is possible that your WebDAV client (which you did not speciy) does not support digest authentication. As a test, you could try to switch to basic authentication:
* create the file with :
     htpasswd -c /etc/apache2/basicpwd BlahBlahBlah
* Change AuthType to Basic
* Change AuthUserFile accordingly
* restart apache then try to access again. If it still fails, can you also look at the error.log file ? If it works, then the issue is likely to be your client no supporting digest authentication. If you could provide the client name and version you're using, it would be helpful.

Note that basic authentication is not secure, as the credentials are transfered in clear text. If you WebDAV goes over an untrusted network, you should enable SSL to secure the connection.
0
 

Author Comment

by:shacho
ID: 22631791
I will try again when I get home tonight.  In the mean time:

>I recommend removing them from the <Directory> section.
Understood.

>If you could provide the client name and version you're using, it would be helpful.
I tried two clients, Mac OS X Finder (CMD-K) and Microsoft Windows Explorer.  Both (I believe) are supposed to work with digest authentication.  Both work with no authentication.  I have not tried a web browser yet.

Mike

0
 

Author Comment

by:shacho
ID: 22633138
Getting closer.  Here is a list of what I can and cannot currently do:

No Authentication
Finder in OS X -> Yes
Explorer in XP -> Yes

Basic Authentication
Finder in OS X -> Yes
Explorer in XP -> Yes

Digest Authentication
Finder in OS X -> Yes
Explorer in XP -> NO

However - on testing I see that I cannot write to the drive; I can only see its contents.  By adding Options Indexes, I was able to access the volume through a web browser.  Oddly, though, no contents appeared in the folder when viewed this way.

I guess I should start by working out how to become able to write to the folder with no authentication first.  Could this be a directory permissions issue.  Here is my current conf entry:

DavLockDB /var/run/apache2/DavLock
 
Alias /dav "/users/UserName/Sites/MySubfolder"
<Location /dav>
    Options Indexes
    Dav on
    Order allow,deny
    Allow from all
#    AuthName "WebDAVUsers"
#    AuthType Basic
#    AuthUserFile /etc/apache2/basicpwd
#    AuthType Digest
#    AuthUserFile /etc/apache2/digestpwd
#    Require User BlahBlahBlah
</Location>

Here is the error reported in the log when I tried to add a folder through the WebDAV interface:

The locks could not be queried for verification against a possible "If:" header.  [500, #0]
Could not open the lock database.  [500, #400]
(2)No such file or directory: Could not open property database.  [500, #1]



Mike

0
 

Author Comment

by:shacho
ID: 22634549
I realized that I hadn't set up the DavLock directory yet.  So I created it and reconfigured httpd.conf.  Here are the steps I took to get there:

[TERMINAL]
mkdir /etc/apache2/DavLock
chown www:www DavLock

[HTTPD.CONF]
DavLockDB /etc/apache2/DavLock

I still cannot write to the folder.  The error message in the log is essentially the same:
The locks could not be queried for verification against a possible "If:" header.  [500, #0]
Could not open the lock database.  [500, #400]
(13)Permission denied: Could not open property database.  [500, #1]

Mike


0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 4

Accepted Solution

by:
urgoll earned 500 total points
ID: 22634748
Mike,
this is a common mistake (which took me hours to fix the first time I tried to setup WebDAV): /etc/apache2/DavLock is NOT a directory, it's the base filename for the lock database. The actual filename will depend on which database library is linked against apache. For example, on my server here it's DavLock.dir and DavLock.pag.

So what it means is you need to have the directory /etc/apache2 exist and be writable by your www user. Since it is not good practice to have your config directory be writable by the daemon, it's better to have that be in /var/somethineorother.

So for example:

[TERMINAL]
mkdir /var/apache2/
chown www:www /var/apache2

[HTTPD.CONF]
DavLockDB /var/apache2/DavLock
0
 

Author Comment

by:shacho
ID: 22638875
Excellent!  Last hurdle.  Everything works fine for OS X.  But, I cannot connect using basic or digest authentication from XP (no authentication does work).  If I try to connect via Mozilla from XP, I can authenticate and see the directory, but I can't see any contents.  How can I make this work?  

Mike
0
 

Author Comment

by:shacho
ID: 22638883
Don't know if this is relevant but currently the contents of /var/apache2 are
DavLock.dir
DavLock.pag

Mike

0
 

Author Comment

by:shacho
ID: 22638901
Also - this is what access.log when I try to connect from XP:

"OPTIONS / HTTP/1.1" 200 -
"PROPFIND /dav HTTP/1.1" 401 401
"PROPFIND /dav HTTP/1.1" 401 401
"PROPFIND /dav HTTP/1.1" 401 401

Mike

0
 

Author Comment

by:shacho
ID: 22638937
Ah!  Got it!!  

From: http://blog.pclark.net/2005/03/fun-with-windows-xp-and-webdav.html

"The secret is to add a port number to the URL"
Use: http://my.site.com:80/mydirectory
NOT: http://my.site.com/mydirectory.

urgoll - you are a genius.  Thanks so much!

Cheers,

Mike




0
 
LVL 4

Expert Comment

by:urgoll
ID: 22640861
Actually, I'd say I'm an expert, not a genius. <grin>

I'm glad I was able to help!

Regards,
0
 

Author Comment

by:shacho
ID: 22646733
Next step is to get my other XP machine to connect.  Just added a question here:
http://www.experts-exchange.com/Software/Server_Software/Web_Servers/Apache/Q_23789292.html
Please have a look if you can.

Cheers,

Mike


0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

In this article we will discuss some EI Capitan Mail app issues and provide some manual process to resolve them.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now