Download mod_dav apache

Here are the specifics:. Note: I have avoided indentation of the elements to demonstrate the preservation of whitespace within the property value. The cost for implementation was considered too high, and these issues are not present in typical operation. The section numbers below refer to RFC These details are listed as the result of questions regarding the behavior of different DAV servers. As new questions and answers arise, I'll list them here.

Note that these behaviors do not contradict RFC ; they are considered "implementation-specific. Additional features will be developed as part of Apache 2.

DAV allows users to place and manipulate files in a directory on your web server. This means that you should take particular care in configuring your DAV server. When you enable DAV for a directory or location, you should also enable authentication and authorization for that space. If authorization for authenticated users is not enabled, then an anonymous user would have full control of the DAV-enabled portion of your web server.

Please see the installation instructions for information on how to properly configure your DAV server to prevent anonymous browsing and updating of your DAV-enabled web content. Not much can be done on this one. Possibly some kind of user quota thing, but For now, I'm going to say, "if they're authorized to PUT to the DAV server, then they should be responsible for how much data they store.

A solution may exist there. I'm also maintaining a page detailing significant, operational problems found in prior versions for people who haven't upgraded yet. I'm absolutely interested in any patches that you may have.

If you find and fix bugs, have platform-specific fixes, or you have patches for additional functionality, then please send them my way. I'll review and incorporate them, add your name to the list of acknowledgements, and release a new version. A mailing list for users and developers is available at the dav-dev list information page. I'd also like to thank all of the people who have provided bug reports, clarifications, interoperability experiences, etc.

The number has simply grown to large to properly list them here. If you have ever dropped me an email with your issues, then you have my thanks! A full copy of this license is available for reading, and is also enclosed with the software. The choice of license to use was actually quite difficult because I would like to ensure that any changes that a commercial entity might make are delivered back to the community a GPL or MPL style of license. Unfortunately, licenses along that line are hard to manage -- all of the existing, common licenses prevent commercial entities from working with the software typically, due to patent issues , so a custom license would be required.

The Apache-style or BSDish licenses typically don't have these restrictions, but they also don't require changes to be Open Source. IBM contributed the Class 2 locking facilities by Keith Wannamaker , and Rational contributed the repository-independent subsystem hooks by John Vasta.

The directory containing the lock database file must be writable by the User and Group under which Apache is running. Any location on the server where DAV is enabled should be protected by authentication. Nearly all WebDAV clients support this authentication method. New files created will also be owned by this User and Group. For this reason, it is important to control access to this account. The DAV repository is considered private to Apache; modifying files outside of Apache for example using FTP or filesystem-level tools should not be allowed.

Another possible denial-of-service attack involves a client simply filling up all available disk space with many large files.

There is no direct way to prevent this in Apache, so you should avoid giving DAV access to untrusted users. This is difficult because a GET request will always run the script, rather than downloading its contents. One way to avoid this is to map two different URLs to the content, one of which will run the script, and one of which will allow it to be downloaded and manipulated with DAV.

Note, that once you have DAV enabled for some location, it cannot be disabled for sublocations. For a complete configuration example have a look at the section above.