WebDAV Basics: File Sharing Over HTTP
WebDAV (Web-based Distributed Authoring and Versioning) is an HTTP extension that lets you manage files on remote servers over the web. It’s built on HTTP/1.1, so it works through standard web infrastructure—firewalls, proxies, load balancers—without special configuration.
Think of it as a bridge between simple HTTP file serving and full-featured version control. You get file locking to prevent edit conflicts and metadata tracking without the overhead of setting up a dedicated VCS.
How WebDAV Works
WebDAV extends HTTP with additional methods and headers. The core operations are:
- PROPFIND — Query file properties and directory listings
- MKCOL — Create collections (directories)
- PUT — Upload or update files
- DELETE — Remove files or directories
- LOCK/UNLOCK — Prevent concurrent edits on a resource
- MOVE/COPY — Rename or duplicate files
Most WebDAV clients (file managers on macOS, Windows, and Linux) use these methods transparently. When you mount a WebDAV share, it behaves like a network drive—drag-and-drop uploads, right-click edits, all standard filesystem operations.
WebDAV on Modern Systems
macOS
Connect via Finder: Cmd+K → Enter WebDAV URL like https://example.com/webdav
Linux
Mount with davfs2:
sudo apt install davfs2
mkdir ~/webdav-mount
sudo mount -t davfs https://example.com/webdav ~/webdav-mountEdit /etc/davfs2/secrets to store credentials, otherwise you’ll be prompted each mount.
Windows
Map network drive: File Explorer → This PC → Map network drive → Enter URL like https://example.com/webdav
Setting Up a WebDAV Server
Most web servers support WebDAV with minimal configuration.
Apache 2.4
Enable required modules and create a protected directory:
<IfModule mod_dav.c>
<Directory /var/www/webdav>
Dav On
AuthType Basic
AuthName "WebDAV Share"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
</IfModule>Create user credentials:
htpasswd -c /etc/apache2/.htpasswd usernameNginx
Nginx doesn’t natively support WebDAV methods. Use a third-party module or proxy to a backend server like Apache or use dedicated WebDAV servers.
Caddy
Caddy has WebDAV support via the caddy-webdav build:
example.com/webdav {
webdav {
root /var/www/webdav
}
}Practical Use Cases
Document Collaboration — Teams editing shared documents with conflict prevention via locking. Better than email exchanges, simpler than setting up Git for non-developers.
Content Management — Agencies managing client assets without direct server access. Clients mount the share and upload directly.
Backup Destinations — Backup software can write directly to a WebDAV endpoint, useful when you don’t want to expose SSH or manage storage separately.
Version Control Integration — Some CI/CD pipelines publish artifacts to WebDAV for distribution without needing artifact repositories.
Important Limitations
WebDAV lacks true version control. It doesn’t track who made changes, when, or why. It’s not a replacement for Git. Locking is advisory—clients must respect locks; a misbehaving client can ignore them.
Performance degrades with large files or deep directory trees compared to native filesystems or purpose-built cloud storage APIs.
Older WebDAV clients sometimes struggle with SSL/TLS verification. Always use HTTPS in production and ensure your certificate is valid.
Security Considerations
- Always require HTTPS; HTTP transmits credentials in basic auth without encryption
- Use strong passwords or certificate-based authentication if your server supports it
- Restrict WebDAV access by IP if possible
- Monitor client access patterns—WebDAV doesn’t log as granularly as other protocols
- Set reasonable quotas per user or share to prevent disk exhaustion
WebDAV remains useful for specific workflows where simplicity and broad OS support matter more than advanced features. It’s particularly valuable in mixed environments where not all users have command-line access or where a traditional filesystem abstraction is required.