WebDAV

From DreamHost
Jump to: navigation, search

WebDAV, or Web-based Distributed Authoring and Versioning, is an extension to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers. The World Wide Web, as conceived by Tim Berners-Lee, was always intended to be a readable and writable medium; however, as the web grew it became a largely read-only medium. WebDAV has emerged as a way to restore that functionality, although it is no longer concerned with the versioning aspect - just the distributed authoring part.

client

Need to know how to access a WebDav directory from your local machine? Read WebDAV_How-To_Access.

server

The subsections here are ordered by need-to know: most likely a person needs to know these details.

basic setup

via DreamHost Control Panel

Do this via the Dreamhost Control Panel->Goodies->Htaccess/WebDAV. It allows you specify the directory (new or pre-existing) to enable WebDAV on. You can specify the directory "name" that appears in pop-up. You can also turn on/off allowing linking to files in the directory, and specify a list of file extensions that are forbidden in the directory. User accounts are controlled by just a "user accounts for this area" text box where you list usernames and passwords. If you have a lot of directories you want WebDAV on, you would have to add the users for each directory separately via the panel. Also, any user has access to the entire directory. (For issues of finer-grain access control, see about .htaccess below.

via your own config file (containing the DAV directive)

httpd.apache.org tells how. This is the normal method. And it could have enormous benefit over setup #via DreamHost Control Panel given the problems with that.

However, Dreamhost doesn't allow you to do this says this forum post. Why? Workarounds?

https access

If you want security that can't be broken if someone can examine your connection link (such as tuning in to your 802.11), then you'll need to setup and use WebDAV over https - it is possible but you will need to have a unique IP address. You need to enable the SSL service on your actual domain name. You will then be able to access WebDAV via SSL. You can set up this secure service for your domain by clicking the 'edit' button located under the 'Secure Hosting' column next to your domain here: https://panel.dreamhost.com/index.cgi?tree=domain.manage

Access levels which are Custom and/or settings which are Managed Automatically

  • The Dreamhost Control Panel -> Goodies-> Htaccess/WebDAV allows one to specify what users have access to a WebDAV-enabled directory, and each user has full access to all files in the entire directory. And while this gets one started quick with basic security, as one grows in users this starts having increasing problems:
    1. There is no file-level security
      • Users can potentially overwrite edits by another user, even delete another users's file
      • Any files intended private are viewible by all users of the folder
    2. User management cannot be done automatically (example, no adding users via PHP scripts)
  • So what we'd really like to do (especially when more than one user) is to specify access levels (Access-Control-Lists) on a per-folder (or maybe even per-file) basis, and eventually (as the the user count grows) manage the users & passwords list automatically thru scripts. And on Apache (the web server Dreamhost uses), this can be done by creating/editing appropriate .htaccess & .password files, each typically placed in every folder where we want to make an exception. However:

create & edit one's own .htaccess & .password files (on Dreamhost WebDAV)

--this seems impossible -- help! As

  1. In this Dreamhost WebDAV, the root WebDAV folder all subfolders are set to Unix permissions rwxr-xr-x (and rwxr--r-- for every file), with the user & group being set to dhapache which seemingly no standard Dreamhost user is a member of. As a consequence, the ONLY way to create/edit any file/folder within WebDAV is thru the WebDAV protocol (ftp & sftp & sh will not work) but
  2. Thru WebDAV (at least on Dreamhost) it is impossible (disallowed) to create any file named ".htaccess"; it will list .htaccess (and .htpassword) (the ones already there (in the WebDAV root)) but the .htaccess which is there has permissions r-------- so it is impossible for anyone (but user dhapache) to access.

Anyone know how to fix?? Please write solutions here:

  1. Possibly use Subversion instead of WebDAV. As
    1. though more complex to setup,
    2. Dreamhost Subversion can have directory level access-control (though still a security hole as DH doesn't (yet?) provide support to reset the chmod after a custom change)
    3. Subversion can provide WebDAV which also has basic auto-versioning
    4. Any drawbacks?
  2. Use #basic setup #via your own config file (containing the DAV directive) instead. But how?

WebDAV and mod_rewrite

Wordpress (and possibly other installs) puts rewrite directives in your site’s base directory, even when installed to a subdirectory. This breaks WebDAV access. To fix, modify the base .htaccess as follows: Before each RewriteRule add

RewriteCond %{REQUEST_URI} !/webdavdir

where webdavdir is the directory you want WebDAV access to. For multiple directories, put them in parens separated by pipes, like so:

RewriteCond %{REQUEST_URI} !/(webdavdir1|webdavdir2|webdavdir3)

…and so on. (If you have WebDAV directories deeper than top-level you’ll need to specify /path/to/webdavdir.) -Elmariachi 22:08, 22 February 2011 (PST)

access the source of files normally pre-processed by the web server

One problem with WebDAV is that it does not allow you to edit the source of server processed files, including PHP, shtml, Perl, etc. This is because it uses the same command to "GET" the file as your web browser. The webserver has no way of knowing to not process the php file and give you the output instead of the source code. Adding this line to your .htaccess file will disable all processing:

SetHandler default-handler

Meaning .php files will show their source, including any passwords you have coded in. You will need to get support to add this line, as well as change the permissions to allow you to edit the file. Any changes made to this file will be overwritten if you make any changes in the panel to your htaccess/webdav options.

You can also rename files (from a write-enabled WebDAV connection) so that Apache doesn’t attempt to process them based on their extensions. Change script.pl to script.pl.txt and you’ll get the source. -Elmariachi 22:25, 22 February 2011 (PST)

applying WebDAV to an entire domain, not just to one of its folder

This is mostly aesthetic (why it's listed last), but still sometimes desirable. As setup #via DreamHost Control Panel won't currently allow you to apply WebDAV to an entire domain. But, using the magic of Apache's rewrite module, you can make it seem like you are.

A note of caution

WebDAV uses it's own .htaccess and .htpassword file which are controlled by the WebDAV interface and may not always be visible. This may cause "abnormal" behavior in certain instances, such as creating a WebDAV directory off of your domain's root directory (e.g. http://example.com/webdav/). There is at least one incident where doing this caused processing of the pre-existing .htaccess file to silently fail resulting in no page display. It is suggested that if you're creating a WebDAV directory, you ensure that the target WebDAV (as well as it's parent) are reasonably isolated from your main site.

Step 1

Use the WebDAV goodies panel to setup a directory with WebDAV enabled. For the rest of this guide it will be assumed that the directory is called "site".

Step 2

If you already have any data or directories you want to be part of the new WebDAV site then connect to your new WebDAV share and upload them there. The URL of your WebDAV share should be something like http://yourURL/site/. Don't worry about modifying the links within your pages. The magic we will do in the next step means they will still work exactly the same way they currently do.

Step 3

Now we have to use a .htaccess file to rewrite requests to http://yourURL to use the data stored in http://yourURL/site/ (afterwards visitors wont even know it's happening). In the main folder for your domain you should put a file called ".htaccess". Make sure you include the period at the start. Put the following text into the file:

RewriteEngine on
RewriteCond %{REQUEST_URI} !site/
RewriteRule ^(.*)$ /site/$1

The first line turns on rewriting. The second line tells the webserver not to rewrite http://yourURL/site/ and the third line line tell the webserver to rewrite all requests to http://yourURL/ to use the data from http://yourURL/site/. If you have directories that you don't want to be under WebDAV control then you should add additions RewriteCond lines like the one for "sites". For example if you don't want the directory "scripts" to be rewritten you would add the line:

RewriteCond %{REQUEST_URI} !scripts/

Conclusion

That's it! When you surf to http://yourURL/ you should actually be sent the data from http://yourURL/site/ but your URLs will look exactly the same as they did before.

External links