Remove the comments from both lines, so that they read LoadModule dav_module libexec/httpd/libdav.so AddModule mod_dav.c NOTE
Look for the (noncontiguous) lines #LoadModule dav_module libexec/httpd/libdav.so #AddModule mod_dav.c You need to do this as root to make changes. To enable WebDAV, edit the file /etc/httpd/nf.
Large recursive requests can be sent to the server, using up resources and potentially resulting in a DoS attack.Īlthough you can deal with the first two issues with basic system administration skills, the third may require fine-tuning the mod_dav DAVDepthInfinity and LimitXMLRequestBody directives, discussed shortly. Users can store arbitrarily large files on the server, eating up disk space. mod_dav runs with the Apache server permissions, meaning files/directories that can be written to by the www user or group can be modified through WebDAV. Improper file permissions can lead to files being modified that shouldn't be. But given that you take the precautions listed in the installation document, Apache and mod_dav are quite secure.Īlthough there are no known exploits of mod_dav, there are several potential problems: You can misconfigure your Apache/ mod_dav system (in fact, SuSE Linux released an RPM like this and had to issue a security advisory and upgrade). There has not been a single reported exploit of the code in the past three years (when it was first released). WebDAV Security HistoryĪs far as security goes, consider this statement, taken from the mod_dav FAQ:Īpache and mod_dav are quite secure. Instead, it piggybacks on HTTP, using the Apache server process and all its access controls to manage who can access what.
WebDAV is unique in that it doesn't introduce another protocol or server process to your machine.
#WEBDAV SERVER MAC OS X MAC OS X#
Mac service provides iDisk access via WebDAV, and the Mac OS X Apache distribution includes mod_dav, enabling your machine to serve other Linux, Windows, and Mac clients. WebDAV (Web Distributed Authoring and Versioning) is another popular form of file sharing built into Mac OS X.