How to set up a secure webdav area on an Apache 2.0 server that is mountable from windows

From UConn PAN
Revision as of 14:53, 28 August 2007 by Jonesrt (talk | contribs)
Jump to navigation Jump to search

There is plenty of help on the web regarding how to set up a webdav area on an Apache 2.0 server using the mod_dav apache module. If this is enabled on an area of the site secured with SSL/TLS (reachable by urls beginning with https:) there are a few extra steps, also widely documented. What was not so easy to figure out how to do was how to do client authentication based on client certificates. Most of the sites out there assume that people should use http basic authentication and type passwords all of the time. I wanted to use my client certificate instead. The short answer is that it is only possible if you are willing to configure a separate webdav area for each user. In this case, one can configure a webdav directory for each user in ssl.conf as follows. 

Alias /davusers/ "/home/www/davusers/"
<Directory "/home/www/davusers/newman/">
    DAV On
    SSLVerifyClient on
    SSLVerifyDepth  10
    SSLRequire %{SSL_CLIENT_S_DN_CN} =~ m/^Alfred E\. Newman/
</Directory>

Note the trailing slashes on all of the webdav area directories, both actual and alias. These slashes are necessary in order to be compatible with the Windows XP explorer webdav interface.

Alternatively one might chose to have just one shared webdav area for all users, and use basic http authentication based on passwords. 

Alias /davusers/ "/home/www/davusers/"
<Directory "/home/www/davusers/">
    DAV On
    AuthType Basic
    AuthName "WebDAV Restricted"
    AuthUserFile /home/www/.htpasswd/webdav.htpasswd
    <LimitExcept OPTIONS>
        Require user jonesrt
    </LimitExcept>
    SSLVerifyClient off
</Directory>
Retrieved from "https://zeus.phys.uconn.edu/wiki/index.php?title=How_to_set_up_a_secure_webdav_area_on_an_Apache_2.0_server_that_is_mountable_from_windows&oldid=2464"