WebDAV and Windows 7 client

Question

I've enabled apache dav module on my site and configured digest authentication for it. Now i'm trying to connect windows drive to it. Command follows:

net use z: http://dav.mysite.com/Files /user:username *

then it asks for password. After that drive appears to be connected except for one detail. In server logs I can see strange 401 errors:

xx.xx.xx.xx - - [22/Mar/2011:23:05:04 +0000] "PROPFIND /Files HTTP/1.0" 401 751
xx.xx.xx.xx - username [22/Mar/2011:23:05:04 +0000] "PROPFIND /Files HTTP/1.0" 301 495
xx.xx.xx.xx - - [22/Mar/2011:23:05:04 +0000] "PROPFIND /Files/ HTTP/1.0" 401 751
xx.xx.xx.xx - username [22/Mar/2011:23:05:04 +0000] "PROPFIND /Files/ HTTP/1.0" 207 1175
xx.xx.xx.xx - - [22/Mar/2011:23:05:07 +0000] "PROPFIND /Files HTTP/1.0" 401 751
xx.xx.xx.xx - username [22/Mar/2011:23:05:07 +0000] "PROPFIND /Files HTTP/1.0" 301 495
xx.xx.xx.xx - - [22/Mar/2011:23:05:07 +0000] "PROPFIND /Files/ HTTP/1.0" 401 751
xx.xx.xx.xx - username [22/Mar/2011:23:05:07 +0000] "PROPFIND /Files/ HTTP/1.0" 207 1175

As you can see for any proper digest authenticated request it sends one wrong request

My apache config:

<VirtualHost xx.xx.xx.xx:80>
        ServerAdmin webmaster@dav.mysite.com
        ServerName dav.dav.mysite.com
        DocumentRoot /var/www/dav.mysite.com/
        UseCanonicalName Off

        Alias /Files "/var/www/dav.mysite.com/"



        BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
        BrowserMatch "MS FrontPage" redirect-carefully
        BrowserMatch "^WebDrive" redirect-carefully
        BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
        BrowserMatch "^gnome-vfs/1.0" redirect-carefully
        BrowserMatch "^XML Spy" redirect-carefully
        BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
        BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On


        <Directory "/var/www/dav.mysite.com">
                Dav On
                Order allow,deny
                Allow from all
                AuthType Digest
                AuthName "DAV-upload"
                AuthDigestDomain /Files/
                AuthDigestProvider file
                AuthUserFile /var/www/webdav.passwd
                Require valid-user
        </Directory>

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel error
        ErrorLog /var/log/apache2/dav.dav.mysite.com-error.log
        CustomLog /var/log/apache2/dav.dav.mysite.com.log common
        ServerSignature Off
</VirtualHost>

And it works very-very slowly. Why do you think it sends requests without authentiocation? BTW other webdav clients work properly

P.S. nginx is sitting in front of apache and passing ALL the traffic to it

score 4 · Answer 1 · answered Mar 23 '11 at 03:25

4

Welcome to a huge pain. I had the same problem and figured it out in windows. First thing is go to internet explorer then tools internet options. Go to connections tab and look at I believe lan settings. Here look if "auto detect lan settings" is checked. If so uncheck it. This will fix the speed issues. If you still see problems come back and ill give you some more ideas.

answered Mar 23 '11 at 03:25

gdurham

879
7
10

OOOOOOMG! You are my hero! – Dmytro Leonenko Mar 23 '11 at 06:50
But 401 errors still exist – Dmytro Leonenko Mar 23 '11 at 06:51
Thanks I try lol. For the 401 errors are they only for this client? If so I would clear all cache in IE including passwords and see if that helps. Or rebuild the profile as a last resort – gdurham Mar 23 '11 at 13:57
Have you tried adding it as a network drive through my computer just make sure to click on use other username/password – gdurham Mar 23 '11 at 14:22
Yes. Just the same behaviour – Dmytro Leonenko Mar 24 '11 at 07:15
At least Windows XP SP3 doesn't do that. But windows 7 does. – Dmytro Leonenko Mar 24 '11 at 18:12
how bout this, is it causing any issues? Can the Windows 7 machine access what needs to be accessed? – gdurham Mar 24 '11 at 19:43

score 0 · Answer 2 · edited May 23 '17 at 12:41

I was able to find an answer that this is apparently by design: the authentication challenge is to be on every request. A work around that I implemented is to allow anonymous directory/file listing (PROPFIND requests) and authentication on everything else using Apache config shown below. The speed improvement is significant, for a python project with 21876 files a refresh takes half as long, 11 minutes vs 22 minutes with authentication.

## Development HTTP Site
<VirtualHost *:80>
        ServerAdmin support@klinsight.com
        ServerName development.FOO.com
        ServerAlias www.development.FOO.com

        # Log file location and settings; logs within project is ok as long as 'links' are made to system 'var/log/apache'
        ErrorLog /var/log/apache2/development.FOO.com-error.log
        CustomLog /var/log/apache2/development.FOO.com-vhost_combined-access.log vhost_combined

        # Canonical to always strip www - see: https://stackoverflow.com/questions/88011/make-apache-automatically-strip-off-the-www
        RewriteCond %{HTTP_HOST} ^www\.(.+)$
        RewriteRule ^(.*)$ ${SERVER_PROTOCOL}://%1/$1 [R=301,L,NC]

        # Authenticated access for the development site version - because without this Google will find you!
        # Just in case we also prevent serving of the password logins file if it is stored in a serving folder.
        Redirect /apache-logins.htdigest http://development.FOO.com
        <Location />
                DAV On
                DirectoryIndex disabled
                Options +Indexes
                AuthType Digest
                AuthName "development.FOO.com"
                # AuthDigestDomain which urls (and any under it) this applies - should match location
                AuthDigestDomain /
                AuthDigestProvider file
                AuthUserFile /srv/www/django/development.FOO.com/apache-logins.htdigest
                # uncomment the LimitExcept to receive a small boost for non caching Windows WebDav client by allowing
                # anonymous directory listing; see http://serverfault.com/questions/250578/webdav-and-windows-7-client
                <LimitExcept PROPFIND>
                    Require valid-user
                </LimitExcept>
        </Location>

        WSGIProcessGroup development.FOO.com
        # You can further limit processes, threads and set a inactivity-timer so deamon get unloaded
        WSGIDaemonProcess development.FOO.com display-name=%{GROUP}
        WSGIScriptAlias / /srv/www/django/development.FOO.com/apache-django-development.wsgi

        # Serve static / media files through apache instance and alias/map them to specific urls. to maximize security
        # `Options -Indexes` is enabled to prevent directory listing
        Options -Indexes
        Alias /robots.txt /srv/www/django/development.FOO.com/src/django-project/static/robots.txt
    #Alias /sitemap.xml /srv/www/django/development.FOO.com/src/django-project/static/sitemap.xml
        Alias /favicon.ico /srv/www/django/development.FOO.com/src/django-project/static/favicon.ico
        Alias /media /srv/www/django/development.FOO.com/src/django-project/static/
        Alias /static /srv/www/django/development.FOO.com/src/django-project/static/

</VirtualHost>

Here is some more information: https://stackoverflow.com/questions/666553/how-to-avoid-windows-vista-to-do-double-webdav-requests

WebDAV and Windows 7 client

2 Answers2