[drupal-devel] Howto enable webdav in your drupal directory

Gerhard Killesreiter killesreiter at physik.uni-freiburg.de
Mon Feb 7 12:24:00 UTC 2005



On Mon, 7 Feb 2005, [ISO-8859-1] Karsten M=FCller wrote:

> >> Note: Using webdav without SSL is probably a security risk...
> >
> > More than standard http?
>
> The SSL encryption avoids the transmission of cleartext passwords.

Yes, but that is the same with standard http.

> >> Add this line to .htaccess just befor the RewriteRule line(s):
> >> RewriteCond %{REQUEST_METHOD} !(^PUT$|^DELETE$|^PROPFIND$)
> >
> > I think this is the key issue.
>
> Yes. I meanwhile changed it to
> RewriteCond %{REQUEST_METHOD} (^GET$|^HEAD$|^POST$)
>
> This would catch the commonly used HTTP methods instead of just a few
> webdav methods
> (implemented by mod_dav are OPTIONS, DELETE, PROPFIND, PROPPATCH, COPY,
> MOVE, LOCK, UNLOCK).

Right, that is probably better.

> > If I read all this stuff right, you will now be able to modify Drupal's
> > files through webDAV.
>
> As James said that would be cool;)

Shouldn't that work for you? Ie couldn't you add some modules through
webDAV?

Cheers,
=09Gerhard



More information about the drupal-devel mailing list