What is WebDAV? In what contexts do you encounter it? How does it differ from its alternatives?
The web and WebDAV
The world-wide web was intended to be a medium for consuming and producing content. But web-browsers almost immediately lost their ability to edit webpages, and read-only content ballooned to become the overwhelming norm.
Collaborative editing of remote content is often needed, nevertheless, and so it’s reappeared in the web in multiple guises. WebDAV (Web Distributed Authoring and Versioning) is one mechanism. A webserver that supports WebDAV simultaneously works like a fileserver. That’s a powerful capability.
You might encounter WebDAV in the Apache HTTP Server, Microsoft IIS, Box.com, WordPress, Drupal, Microsoft Sharepoint, Subversion, Git, Windows Explorer, macOS Finder, Microsoft Office, Apple iWork, Adobe Photoshop, and many other places.
WebDAV dates back to the late 90s; in internet years, it’s ancient. In the world of web protocols and APIs it predates both SOAP/XML and RESTful architectures. Despite its longevity, WebDAV implementations can be quirky. Many servers and clients implement subsets or extended subsets of the multiple standards involved. Thus interoperability can’t be assumed; success depends on the platform, environment, and vendor-specific extensions.
Due to all this, in many of its use cases WebDAV is being supplanted by more modern mechanisms. But it’s still a powerful capability, and a reliable workhorse when the right servers and clients are matched. You can encounter it in many different contexts.
What is WebDAV?
WebDAV (RFC 4918) is an extension to HTTP, the protocol that web-browsers and webservers use to communicate with each other. The WebDAV protocol enables a webserver to behave like a fileserver too, supporting collaborative authoring of web content.
WebDAV extends the set of standard HTTP methods and headers to provide the ability to create a file or folder, edit a file in place, copy or move or delete a file, etc. As an extension to HTTP, WebDAV normally uses port 80 for unencrypted access and port 443 (HTTPS) for secure access.
To support collaborative authoring, the original specification of WebDAV included file locking, but it punted on the “versioning” part of DAV due to the complexity of the revision tracking domain. DeltaV (RFC 3253), the versioning and configuration management piece of WebDAV, was defined later. Searching capabilities were also added in a later extension (RFC 5323).
File access and manipulation is a well-understood capability that’s useful to a wide audience. But revision tracking is foreign to nontechnical users. There’s also no common method that operating systems, version control systems, and applications use to model history and change. Many schemes are in use. As a consequence, WebDAV without versioning is widespread, and DeltaV is much less widely implemented.
If you encounter a WebDAV server referred to as “class 1”, that means it lacks locking. Class 2 includes locking. A WebDAV server with versioning is often just called a “DeltaV” server.
Where you’ll find WebDAV
WebDAV turns up in many different contexts, on the server or client side.
One warning: many of these have had WebDAV support for quite a while. When WebDAV is not central to the particular package, the WebDAV functionality may not be maintained as well as it once was.
A WebDAV server is always a webserver, but it may be embedded in another system.
General purpose webservers
The default open source WebDAV implementation is in the Apache HTTP Server. Many webservers support WebDAV via an add-on module, such as Nginx, lighttpd, and Microsoft IIS.
Version control systems
Several version control systems are accessible via some form of WebDAV, including Subversion, Git, and PVCS.
Collaborative Platforms and Content Management Systems
Collaboration platforms like Microsoft Sharepoint, or CMSs like WordPress, Drupal, or Joomla may have WebDAV built-in or available via add-on modules.
Network-Attached Storage and Cloud storage services
Network-Attached Storage (NAS) devices on your LAN may support remote access via WebDAV. Cloud file hosting services like Box.com may offer you access to your folders and files via WebDAV.
WebDAV turns up in random places where remote file manipulation and editing is useful. For instance, the system-design platform LabView can use WebDAV for transferring files to/from an embedded target computer.
As the Subversion documentation notes, WebDAV clients are standalone applications, extensions to file explorers, or filesystem modules. Specifically, a WebDAV client may be one of the following.
WebDAV file-access apps
Apps aimed at giving you access to remote files may be purely WebDAV oriented, like the Linux command-line tool cadaver, or the graphical DAV Explorer. Or they may be tools that speak multiple protocols, like WinSCP or Cyberduck.
These let you download and upload files, manipulate folders, etc; the GUI ones provide drag-and-drop and related visual metaphors.
Apps that use WebDAV
A range of applications have the ability to work with files accessed via WebDAV. The application’s file selection dialog supports entering not just a local filename, but a WebDAV URL, with the username and password needed for the WebDAV server. These applications include Microsoft Office (Word, Excel, etc); Apple iWork (Pages, Numbers, Keynote); Adobe Photoshop and Dreamweaver; and others.
When such an app works with files or folders on a WebDAV server, WebDAV is working behind the scenes to provide collaborative remote file modifications. The files on the server are edited “in place”, without downloading to the local filesystem for later re-uploading (which creates multiple copies that can get out of sync.)
Most operating systems file managers’ user interfaces include an extension to present and manipulate WebDAV folders and files as if they were local. These include Windows file Explorer, macOS Finder, and GNOME Files (Nautilus) and KDE Konqueror on Linux.
In each case there will be a “connect to server” option where you provide the WebDAV server’s URL (the URL format varies from tool to tool, sadly). You then provide the username and password for accessing the server.
The file manager presents remote files and folders, accessed via WebDAV, as local resources which you can click on, drag and drop, etc.
Multiple operating systems include the option of using a low-level filesystem module that mounts or maps a connection to a WebDAV server as a drive or mount. These include the Microsoft WebDAV Redirector, macOS WebDAV file system, and Linux GNOME GVfs and KDE KIO.
Once the operating system has mapped/mounted the WebDAV server, the files and folders exposed via WebDAV appear to be local. They are accessed by the normal file access calls, and any local application accesses them unaware of their true location.
Alternatives to WebDAV
WebDAV enables remote file editing and manipulation. There are many other mechanisms for working with files on a remote server; how is WebDAV different?
FTP (File Transfer Protocol) dates from the internet’s early days. The internet was a small town back then, so vanilla FTP’s security is completely inadequate for the mean streets of today’s internet. In contrast, WebDAV takes advantage of HTTPS security. FTP’s design is not firewall friendly, where WebDAV relies on the standard mechanisms to support webservers. FTP requires its own server process, where WebDAV lives in the webserver. And FTP doesn’t include collaboration-oriented features like locking and version tracking.
There are descendants of FTP that address the need for security, by running an extension of FTP, or a workalike protocol, atop SSL/TLS or SSH.
The SSH (Secure Shell) protocol uses cryptography to securely provide operating system services like file access and command execution over an insecure network. Among the services are SCP (Secure Copy protocol) and SFTP (Secure File Transfer Protocol).
SSH (and thus SCP and SFTP) requires its own server process and firewall rules, but support for SSH is almost universal on Linux and macOS, and has recently become a built-in service on Windows 10 (previously third-party software was required). SCP only handles moving files, where SFTP can manipulate folders, delete files, etc. However, they lack collaboration-oriented features; the SFTP protocol does support file-locking but you can’t yet count on it being present and enabled.
When we are talking about collaboratively producing content on the web, wikis are an obvious example. Wikis are group-edited websites that serve as project knowledge bases, note-taking tools, community websites, etc.
A wiki lets its users modify the content on pages, create pages, and modify the connections between pages, using a vanilla web-browser – no special protocols like WebDAV needed.
Wikis usually use a simplified markup language that’s much more limited – and quicker to grasp – than HTML. A wiki engine lives in a webserver like WebDAV. To permit a vanilla web-browser to edit, wikis don’t include the ability to edit multimedia files, and the only “file/folder management” that’s included is the ability to create and modify hyperlinks between wiki pages.
The wiki ideal is that the website is crowd-sourced and self-organizing; any user can make modifications and there is no predefined owner or gatekeeper. The anarchic ideal is often compromised; there are various wiki engines, and many support user authentication and imposing access controls on operations.
There are multiple protocols for sharing remote filesystems across networks, whose most common use is to map/mount a network share exported by a server, permitting you to access folders and files on the server as if they were a local drive. SMB/CIFS is native to Windows; NFS is native to Unix/Linux; and for MacOS the old default AFP is deprecated in favor of SMB.
These protocols provide essentially all the services of a filesystem on a local drive, including file locking, but not built-in file version tracking.
Distributed filesystem facilities often come with the operating system; if added later, they usually require additional modules added to the OS.
These protocols were developed to work over a LAN. Performance over the wide-area internet or a VPN will not be stellar, though you can mitigate that somewhat with tuning, and later versions of the protocols try to address this new use.
These protocols have much larger attack surfaces than simpler protocols like WebDAV. Though some recent versions like NFSv4 and SMB3 make improvements to support secure use on untrusted networks, most versions of these services are not secure beyond the LAN, and configuring them for such use is perilous.
Cloud file storage
Cloud storage services like Dropbox, Microsoft OneDrive, Google Drive, and Box.com seem like natural places for WebDAV. It does show up in some of them – Box.com is accessible via WebDAV, and OneDrive can be accessed by the standard Windows WebDAV facilities (though you only need this if you don’t have OneDrive file synchronization installed). Other cloud storage services provide their own specialized APIs, file-synchronization software, and web-app clients, and if you want WebDAV access you need to use a third-party gateway.
The specialized APIs, file-synchronization software and web-app clients provided by the cloud services are designed to provide security and performance over networks like the internet.
WebDAV servers and clients still going strong
WebDAV is a long-standing protocol that enables a webserver to act as a fileserver and support collaborative authoring of content on the web. In many of its use cases WebDAV is being supplanted by more modern mechanisms. But it’s still a reliable workhorse when the right servers and clients are matched, so it’s still encountered in many different applications.
industry-industry-4-network-points by Geralt, licensed under CC0.