How To Disable Web Dav Extensions

WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. Many web servers enable WebDAV extensions by default, even when they are not needed. Because of its added complexity, it is considered good practice to disable WebDAV if it is not currently in use.


What is WebDAV?

WebDAV is Web-based Distributed Authoring and Versioning, an extension to the HTTP protocol to allow for remotely managing content on a webserver. Though the HTTP protocol does define GET, PUT, and DELETE methods, these are not sufficient for proper remote authoring (for instance, HTTP provides no method for creating a remote directory). These extensions are general enough to use a webserver as repository for remote folders: Microsoft's "Web Folders" extension to Windows Explorer implemented this in a way that allowed for mostly-native access to a remote web repository as if it were a local folder right from the Windows desktop.

WebDAV is commonly used by web authoring systems, such as Adobe's Dreamweaver or Microsoft's Expression Web (followon to Frontpage), to publish information to the webserver.

It performs mostly the same functions that FTP does for publishing content, though a bit more efficiently and with features more in line with web publishing than FTP. FTP has always been a somewhat problematic protocol with respect to firewalls, and WebDAV has none of those issues (though WebDAV is reported to have its own issues with proxies).

WebDAV extends, not replaces the existing HTTP protocols, and a WebDAV-enabled server simply responds to a larger command set. This is best illustrated with this table showing the method names for the base HTTP protocol, WebDAV Extensions, and additional extensions supported by Microsoft.

Note that it's not necessary to understand the particulars here, but we feel that putting a new technology in context makes it easier to see where it fits in the big picture: consider it FYI-only.

Protocol Method Description
HTTP GET Retrieves a resource (such as a web page) from the server, possible with a small amount of parameter data in the form of a query. This is the most common HTTP method.
POST Retrieves a resource with a possibly large number of submitted parameters. This is commonly used by a web browser.
HEAD Identical to a GET request, but returns just the HTTP headers and not the body of the message.
DELETE Attempts to delete a resources; not commonly used by a browser
PUT Uploads a version of a document; not commonly used by browsers.
OPTIONS
TRACE
CONNECT
Not commonly used.
WebDAV PROPFIND Used to retrieve properties, stored as XML, from a resource. It is also overloaded to allow one to retrieve the collection structure (a.k.a. directory hierarchy) of a remote system.
PROPPATCH Used to change or delete ("patch") multiple properties on a resource in a single atomic act.
MKCOL Used to create collections (example: a directory).
COPY Used to copy a resource from one URI to another.
MOVE Used to move a resource from one URI to another.
LOCK Used to put a lock on a resource. WebDAV supports both shared and exclusive locks.
UNLOCK To remove a lock from a resource
WebDAV w/Microsoft Extensions BCOPY Batched version of COPY
BDELETE Batched version of DELETE
BMOVE Batched version of MOVE
BPROPFIND Batched version of PROPFIND
BPROPPATCH Batched version of PROPPATCH