神马文学网mod_dav - Apache HTTP Server
来源:百度文库 编辑:神马文学网 时间:2024/04/28 08:39:00
Modules |Directives |FAQ |Glossary |Sitemap
Apache HTTP Server Version 2.0
Apache >HTTP Server >Documentation >Version 2.0 >Modules
Apache Module mod_dav
Available Languages: en | ja | ko
Description: Distributed Authoring and Versioning (WebDAV) functionality
Status: Extension
Module Identifier: dav_module
Source File: mod_dav.c
Summary
This module provides class 1 and class 2WebDAV (‘Web-based DistributedAuthoring and Versioning‘) functionality for Apache. Thisextension to the HTTP protocol allows creating, moving,copying, and deleting resources and collections on a remote webserver.
Directives
Dav
DavDepthInfinity
DavMinTimeout
Topics
Enabling WebDAV
Security Issues
Complex Configurations
See also
DavLockDB
LimitXMLRequestBody
WebDAV Resources
To enablemod_dav, add the following to acontainer in your httpd.conf file:
Dav On
This enables the DAV file system provider, which is implementedby themod_dav_fs module. Therefore, that modulemust be compiled into the server or loaded at runtime using theLoadModule directive.
In addition, a location for the DAV lock database must bespecified in the global section of your httpd.conffile using theDavLockDBdirective:
DavLockDB /usr/local/apache2/var/DavLock
The directory containing the lock database file must bewritable by theUserandGroup under whichApache is running.
You may wish to add a clause inside the directive to limit access toDAV-enabled locations. If you want to set the maximum amount ofbytes that a DAV client can send at one request, you have to usetheLimitXMLRequestBodydirective. The "normal"LimitRequestBody directive has no effect on DAVrequests.
Full Example
DavLockDB /usr/local/apache2/var/DavLock
Dav On
AuthType Basic
AuthName DAV
AuthUserFile user.passwd
require user admin
mod_dav is a descendent of Greg Stein‘smod_dav for Apache 1.3. Moreinformation about the module is available from that site.
Since DAV access methods allow remote clients to manipulatefiles on the server, you must take particular care to assure thatyour server is secure before enablingmod_dav.
Any location on the server where DAV is enabled should beprotected by authentication. The use of HTTP Basic Authenticationis not recommended. You should use at least HTTP DigestAuthentication, which is provided by themod_auth_digest module. Nearly all WebDAV clientssupport this authentication method. An alternative is BasicAuthentication over anSSL enabledconnection.
In order formod_dav to manage files, it mustbe able to write to the directories and files under its controlusing theUser andGroup under whichApache is running. New files created will also be owned by thisUser andGroup. For this reason, it isimportant to control access to this account. The DAV repositoryis considered private to Apache; modifying files outside of Apache(for example using FTP or filesystem-level tools) should not beallowed.
mod_dav may be subject to various kinds ofdenial-of-service attacks. TheLimitXMLRequestBody directive can beused to limit the amount of memory consumed in parsing large DAVrequests. TheDavDepthInfinity directive can beused to prevent PROPFIND requests on a very largerepository from consuming large amounts of memory. Anotherpossible denial-of-service attack involves a client simply fillingup all available disk space with many large files. There is nodirect way to prevent this in Apache, so you should avoid givingDAV access to untrusted users.
One common request is to usemod_dav tomanipulate dynamic files (PHP scripts, CGI scripts, etc). This isdifficult because a GET request will always run thescript, rather than downloading its contents. One way to avoidthis is to map two different URLs to the content, one of whichwill run the script, and one of which will allow it to bedownloaded and manipulated with DAV.
Alias /phparea /home/gstein/php_files
Alias /php-source /home/gstein/php_files
DAV On
ForceType text/plain
With this setup, http://example.com/phparea can beused to access the output of the PHP scripts, andhttp://example.com/php-source can be used with a DAVclient to manipulate them.
Description: Enable WebDAV HTTP methods
Syntax: Dav On|Off|provider-name
Default: Dav Off
Context: directory
Status: Extension
Module: mod_dav
Use the Dav directive to enable theWebDAV HTTP methods for the given container:
Dav On
The value On is actually an alias for the defaultprovider filesystem which is served by themod_dav_fs module. Note, that once you have DAV enabledfor some location, it cannot be disabled for sublocations.For a complete configuration example have a look at thesection above.
Do not enable WebDAV until you have secured your server. Otherwiseeveryone will be able to distribute files on your system.
Description: Allow PROPFIND, Depth: Infinity requests
Syntax: DavDepthInfinity on|off
Default: DavDepthInfinity off
Context: server config, virtual host, directory
Status: Extension
Module: mod_dav
Use the DavDepthInfinity directive toallow the processing of PROPFIND requests containing theheader ‘Depth: Infinity‘. Because this type of request could constitutea denial-of-service attack, by default it is not allowed.
Description: Minimum amount of time the server holds a lock on a DAV resource
Syntax: DavMinTimeout seconds
Default: DavMinTimeout 0
Context: server config, virtual host, directory
Status: Extension
Module: mod_dav
When a client requests a DAV resource lock, it can alsospecify a time when the lock will be automatically removed bythe server. This value is only a request, and the server canignore it or inform the client of an arbitrary value.
Use the DavMinTimeout directive to specify, inseconds, the minimum lock timeout to return to a client.Microsoft Web Folders defaults to a timeout of 120 seconds; theDavMinTimeout can override this to a higher value(like 600 seconds) to reduce the chance of the client losingthe lock due to network latency.
Example
DavMinTimeout 600
Available Languages: en | ja | ko
Copyright 2008 The Apache Software Foundation.
Licensed under theApache License, Version 2.0.
Modules |Directives |FAQ |Glossary |Sitemap
Apache HTTP Server Version 2.0
Apache >HTTP Server >Documentation >Version 2.0 >Modules
Apache Module mod_dav
Available Languages: en | ja | ko
Description: Distributed Authoring and Versioning (WebDAV) functionality
Status: Extension
Module Identifier: dav_module
Source File: mod_dav.c
Summary
This module provides class 1 and class 2WebDAV (‘Web-based DistributedAuthoring and Versioning‘) functionality for Apache. Thisextension to the HTTP protocol allows creating, moving,copying, and deleting resources and collections on a remote webserver.
Directives
DavDavDepthInfinityDavMinTimeoutTopics
Enabling WebDAVSecurity IssuesComplex ConfigurationsSee also
DavLockDB
LimitXMLRequestBody
WebDAV Resources
To enablemod_dav, add the following to acontainer in your httpd.conf file:
Dav On
This enables the DAV file system provider, which is implementedby themod_dav_fs module. Therefore, that modulemust be compiled into the server or loaded at runtime using theLoadModule directive.
In addition, a location for the DAV lock database must bespecified in the global section of your httpd.conffile using theDavLockDBdirective:
DavLockDB /usr/local/apache2/var/DavLock
The directory containing the lock database file must bewritable by theUserandGroup under whichApache is running.
You may wish to add a
Full Example
DavLockDB /usr/local/apache2/var/DavLock
Dav On
AuthType Basic
AuthName DAV
AuthUserFile user.passwd
require user admin
mod_dav is a descendent of Greg Stein‘smod_dav for Apache 1.3. Moreinformation about the module is available from that site.
Since DAV access methods allow remote clients to manipulatefiles on the server, you must take particular care to assure thatyour server is secure before enablingmod_dav.
Any location on the server where DAV is enabled should beprotected by authentication. The use of HTTP Basic Authenticationis not recommended. You should use at least HTTP DigestAuthentication, which is provided by themod_auth_digest module. Nearly all WebDAV clientssupport this authentication method. An alternative is BasicAuthentication over anSSL enabledconnection.
In order formod_dav to manage files, it mustbe able to write to the directories and files under its controlusing theUser andGroup under whichApache is running. New files created will also be owned by thisUser andGroup. For this reason, it isimportant to control access to this account. The DAV repositoryis considered private to Apache; modifying files outside of Apache(for example using FTP or filesystem-level tools) should not beallowed.
mod_dav may be subject to various kinds ofdenial-of-service attacks. TheLimitXMLRequestBody directive can beused to limit the amount of memory consumed in parsing large DAVrequests. TheDavDepthInfinity directive can beused to prevent PROPFIND requests on a very largerepository from consuming large amounts of memory. Anotherpossible denial-of-service attack involves a client simply fillingup all available disk space with many large files. There is nodirect way to prevent this in Apache, so you should avoid givingDAV access to untrusted users.
One common request is to usemod_dav tomanipulate dynamic files (PHP scripts, CGI scripts, etc). This isdifficult because a GET request will always run thescript, rather than downloading its contents. One way to avoidthis is to map two different URLs to the content, one of whichwill run the script, and one of which will allow it to bedownloaded and manipulated with DAV.
Alias /phparea /home/gstein/php_files
Alias /php-source /home/gstein/php_files
ForceType text/plain
With this setup, http://example.com/phparea can beused to access the output of the PHP scripts, andhttp://example.com/php-source can be used with a DAVclient to manipulate them.
Description: Enable WebDAV HTTP methods
Syntax: Dav On|Off|provider-name
Default: Dav Off
Context: directory
Status: Extension
Module: mod_dav
Use the Dav directive to enable theWebDAV HTTP methods for the given container:
Dav On
The value On is actually an alias for the defaultprovider filesystem which is served by themod_dav_fs module. Note, that once you have DAV enabledfor some location, it cannot be disabled for sublocations.For a complete configuration example have a look at thesection above.
Do not enable WebDAV until you have secured your server. Otherwiseeveryone will be able to distribute files on your system.
Description: Allow PROPFIND, Depth: Infinity requests
Syntax: DavDepthInfinity on|off
Default: DavDepthInfinity off
Context: server config, virtual host, directory
Status: Extension
Module: mod_dav
Use the DavDepthInfinity directive toallow the processing of PROPFIND requests containing theheader ‘Depth: Infinity‘. Because this type of request could constitutea denial-of-service attack, by default it is not allowed.
Description: Minimum amount of time the server holds a lock on a DAV resource
Syntax: DavMinTimeout seconds
Default: DavMinTimeout 0
Context: server config, virtual host, directory
Status: Extension
Module: mod_dav
When a client requests a DAV resource lock, it can alsospecify a time when the lock will be automatically removed bythe server. This value is only a request, and the server canignore it or inform the client of an arbitrary value.
Use the DavMinTimeout directive to specify, inseconds, the minimum lock timeout to return to a client.Microsoft Web Folders defaults to a timeout of 120 seconds; theDavMinTimeout can override this to a higher value(like 600 seconds) to reduce the chance of the client losingthe lock due to network latency.
Example
DavMinTimeout 600
Available Languages: en | ja | ko
Copyright 2008 The Apache Software Foundation.
Licensed under theApache License, Version 2.0.
Modules |Directives |FAQ |Glossary |Sitemap
mod_dav - Apache HTTP Server
Apache Http Server 使用
Apache Http Server 使用
apache http server 防止盜連的方法
Apache HTTP Server 与 Tomcat 的三种连接方式介绍
Apache HTTP Server 与 Tomcat 的三种连接方式介绍
Apache HTTP Server 与 Tomcat 的三种连接方式介绍
Apache HTTP Server 与 Tomcat 的三种连接方式介绍
Apache Server 的個案討論
在apache下配置mod_dav(WebDav模块)--网络安全文章--左岸贵族网络安全文章系统
小探Subversion Server 之 Apache配置
apache架设http的web服务器
URL重写指南 - Apache HTTP服务器
正确配置和维护Apache WEB Server 安全性
配置Subversion apache验证|http://www.aspsky.net
给Tomcat,Apache配置gzip压缩(HTTP压缩)功能
apache
SQL Server 2000企业版安装教程,jsp,asp,sql,php,mysql,server,apache,iis,tomcat,oracle,java,linux,dns
JDK6.0的新特性:轻量级Http Server
生产环境中的一些web server(主要是三巨头apache, nginx, lighttpd)
Server
apache PHP如何利用HTTP缓存协议原理解析及应用指南
ASP.NET中树形图的实现,jsp,asp,sql,php,mysql,server,apache,iis,tomcat,oracle,java,linux,dns
WebMatrix开发ASP.NET试用手记,jsp,asp,sql,php,mysql,server,apache,iis,tomcat,oracle,java,linux,dns