Getting Webdav Working – Valuable Tech Notes

It's being a week I'm trying to get webdav working on a Vhost without any success….
Here is my setup:
Debian 9
Apache 2.4
Virtualmin 6.01

SuexecUserGroup "#1039" "#1038"
ServerName dav.mydom.com
DocumentRoot /home/dav/public_html
ErrorLog /var/log/virtualmin/dav.mydom.com_error_log
CustomLog /var/log/virtualmin/dav.mydom.com_access_log combined
<Directory "/home/dav/public_html">
 Options Indexes MultiViews
 AllowOverride None
 Require all granted
</Directory>
Alias /webdav /home/dav/public_html
<location /webdav>
 Dav on
 AuthType Basic
 AuthBasicProvider file
 AuthName "WebDav"
 AuthUserFile /home/dav/public_html/.htpasswd
 <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK OPTIONS>
  Require valid-user
 </Limit>
</location>
ProxyPassMatch ^/(.*.php(/.*)?)$ fcgi://localhost:8005/home/dav/public_html/$1
RemoveHandler .php
RemoveHandler .php7.0
php_admin_value engine Off

Trying to test it with cadaver, I got the message I can't even enter my user name and pass

[matth@www ~]# cadaver http://dav.mydom.com/webdav/
Authentication required for WebDav on server `dav.mydom.com':
Username: 
Authentication aborted!
Could not open collection:
Could not authenticate to server: rejected Basic challenge
dav:/webdav/?

I have also tested by creating a .netrc pass to authenticate automatically but i good this then:

[matth@www ~]# cadaver https://dav.mydom.com/webdav
Could not access /webdav/ (not WebDAV-enabled?):
405 Method Not Allowed
Connection to `db.ducorporation.com' closed.
dav:!>

access.log

s.r.c.ip - - [18/Jan/2018:04:03:29 +0100] "OPTIONS /test.txt HTTP/1.1" 200 4236 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:30 +0100] "HEAD /test.txt HTTP/1.1" 200 620 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:31 +0100] "OPTIONS /test.txt HTTP/1.1" 200 1146 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:32 +0100] "HEAD /test.txt HTTP/1.1" 200 620 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:32 +0100] "OPTIONS /test.txt HTTP/1.1" 200 1146 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:33 +0100] "PUT /test.txt HTTP/1.1" 405 938 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"

error.log is empty

With suexec i'm making sure Apache is running under the proper user, also the access to any files does work from a Web browser after authentication.
Also tested
– not to use location but directory
– Disable Directory indexing
– Auth none/Digest/Basic
– Webdav folder at the route of the DocumentRoot as well as sub-folder
– Changed ownership of the public_html folder to the apache user
– Some other thing i don't remember

With all these tests, I'm getting the same error

Done my testing with Firefox/litmus/cadaver/webdav client app
With Firefox and the webdav app I'm able to read and download files but not edit PUT get as a 405 error (meaning PUT is not allowed, but it's allowed in my <Limit> section)
With litmus/cadaver no chance to do anything so far…

Hope I'm clear enough
Any input would be much appreciated

EDIT: apache logs added

Matth

Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite" Header always set Access-Control-Expose-Headers "ETag" Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK" Header always set Access-Control-Allow-Credentials "true" RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ blank.html [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}] ServerName my.domain.com DocumentRoot /home/www/public_html ErrorLog /var/log/virtualmin/my.domain.com_error_log CustomLog /var/log/virtualmin/my.domain.com_access_log combined DavLockDB /home/www/public_html/DavLock <Directory /home/www/public_html> RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://my.domain.com/$1 [R,L] Options Indexes MultiViews SymLinksIfOwnerMatch AllowOverride None Require all granted </Directory> Alias /webdav /home/www/public_html <Location "/webdav"> Dav on DirectoryIndex none AuthType Basic AuthBasicProvider file AuthUserFile /home/www/public_html/.htpasswd AuthName "WebDav" <Limit GET HEAD POST PUT OPTIONS MOVE DELETE COPY LOCK UNLOCK> Require valid-user </Limit> <Limit OPTIONS> Require all granted </Limit> DavDepthInfinity off </Location> SSLEngine on SSLCertificateFile /home/my/ssl.cert SSLCertificateKeyFile /home/my/ssl.key SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLCACertificateFile /home/my/ssl.ca RemoveHandler .php RemoveHandler .php7.0 php_admin_value engine Off RedirectMatch ^/(?!webdav) "https://my.domain.com/webdav"

Best Answer

Here is how I finally manage to get it work:
This config is working for Apache 2.4 for the SSL vhost, the HTTP one redirect to SSL.
I had to set a dedicated folder where the Apache user has dedicated read/write access.

To be more secure I wish to have Apache running as a specific user but it seems the easiest way today is to use MPM-ITK which is apparently not compatible with MPM-Prefork module that I'm using now.
Will give a try once I understand the consequences of moving from MPM-Prefork to ``MPM-ITK`.

Any comment for security improvement are welcome !

Best Answer

Related Solutions

Windows – WebDAV through Apache2 permissions/missing files

Mount WebDAV as drive in Windows 8

Related Topic