Apache WebDAV Configuration

Author: Samuel Williams When: Wednesday, 01 April 2009

WebDAV is a very useful tool for sharing files. If you want to have both anonymous access and authenticated access, you require some specific configuration:

<VirtualHost *>
	# ... standard configuration ...
	# ServerName, DocumentRoot, etc

	# Root DAV which requires authentication to access:
	<Location "/MyFiles/">
		DAV on
		AuthType Digest
		AuthName "Digest Realm"
		AuthUserFile /etc/apache2/users/myfiles.htdigest
		Require user me
	
		<LimitExcept GET HEAD OPTIONS REPORT PROPFIND>
			Require user me
		</LimitExcept>
	</Location>

	# Specific folder which can be accessed anonymously (read-only)
	<Location "/MyFiles/Public/">
		<Limit GET HEAD OPTIONS REPORT PROPFIND>
			Allow from all
			Satisfy any
		</Limit>
	</Location>
	
	# Specific folder which can be accessed anonymously (read/write)
	<Location "/MyFiles/DropBox/">
		Allow from all
		Satisfy any
	</Location>
</VirtualHost>

The key here is understanding how Limit and LimitExcept can be used. Limit means that for the given set of requests, process the block. LimitExcept means that for any other type of request other than those given, process the block. The thing to identify is that Satisfy any can then be used within a Limit or LimitExcept block to control anonymous access. This can be used, along with typical Allow from all access controls to provide fine grained access to DAV repositories.

See also

Comments

Leave a comment

Please note, comments must be formatted using Markdown. Links can be enclosed in angle brackets, e.g. <www.codeotaku.com>.