WebDAV (Web-based Distributed Authoring and Versioning) is a communication protocol based on HTTP 1.1. It extends HTTP 1.1 by adding new methods alongside standard HTTP methods such as GET, POST, and HEAD, so that applications can read from and write to the web server directly. It supports locking and unlocking files for writing (Lock and Unlock), and it also supports file version control.

Description: The target has WebDAV enabled. WebDAV (Web-based Distributed Authoring and Versioning) is an extension protocol based on HTTP 1.1 that adds new methods to the standard methods defined by HTTP. Through these methods, applications can perform operations such as writing and deleting files directly on the web server.

Hazard:
1. If WebDAV is improperly configured, an attacker can anonymously modify, delete, and upload arbitrary files, which may give the attacker complete control of the target web server.
2. Some older web server versions have many serious security vulnerabilities in the components that implement WebDAV functions. Even if WebDAV permissions are configured correctly, hackers may exploit these component problems to take control of the entire server.

Solution:
1. If it is not absolutely necessary, turn off WebDAV.
2. If you need this function, update your web server to the latest version and configure WebDAV access rights correctly.

How to turn off: Disabling WebDAV in IIS 6 is simple. In the Windows 2003 Add/Remove Windows Components dialog, find the Application Server section, go to the IIS component options, remove the check mark in front of WebDAV, and restart IIS.

Microsoft Windows 2000/XP, IE, Office, and Adobe/Macromedia DW all support WebDAV, which greatly enhances the value and effectiveness of web applications.
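One way to check whether the anonymous-write hazard described above is already happening is to review the web server's logs. The following is an added example, not part of the original page: it assumes IIS-style W3C extended logs, and the sample log lines, addresses and paths are constructed.

```python
# Methods that change server content when WebDAV is enabled. POST is left out
# because ordinary web applications use it constantly.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "PROPPATCH", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Constructed sample log (documentation IP ranges, made-up paths and user).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-01-10 08:00:01 GET /docs/index.htm - 192.0.2.10 200
2024-01-10 08:00:05 OPTIONS / - 198.51.100.7 200
2024-01-10 08:00:06 PROPFIND /docs/ - 198.51.100.7 207
2024-01-10 08:00:09 PUT /docs/test.txt - 198.51.100.7 201
2024-01-10 08:00:12 MOVE /docs/test.txt - 198.51.100.7 201
2024-01-10 08:01:00 PUT /docs/report.doc CORP\\alice 192.0.2.20 201
2024-01-10 08:02:00 DELETE /docs/index.htm - 203.0.113.5 401
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def anonymous_writes(text):
    """Return (client, method, path) for 2xx write requests with no user name."""
    hits = []
    for rec in parse_w3c(text):
        method = rec.get("cs-method", "").upper()
        anonymous = rec.get("cs-username", "-") == "-"  # "-" means no authenticated user
        succeeded = rec.get("sc-status", "").startswith("2")
        if method in WRITE_METHODS and anonymous and succeeded:
            hits.append((rec.get("c-ip"), method, rec.get("cs-uri-stem")))
    return hits

def writes_by_client(text):
    """Group the findings by client address for triage."""
    grouped = {}
    for client, method, path in anonymous_writes(text):
        grouped.setdefault(client, []).append(f"{method} {path}")
    return grouped

if __name__ == "__main__":
    for client, ops in writes_by_client(SAMPLE_LOG).items():
        print(client, ops)
```

Any hit means the publishing directory accepted a change without authentication, which is the misconfiguration the Hazard section describes.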
For users who need to publish a large amount of content, WebDAV can reduce dependence on a CMS and give more freedom in authoring. Uploading and downloading are easy.

Web Distributed Authoring and Versioning (WebDAV) extends the HTTP/1.1 protocol to allow clients to publish, lock, and manage resources on the Web. After integration with IIS, WebDAV allows clients to process resources in the WebDAV publishing directory on the server. The advantages of using this feature are as follows:
1. Users with the correct permissions can copy and move files in the WebDAV directory.
2. Modify the attributes associated with certain resources. For example, a user can write and retrieve attribute information for a file.
3. Lock and unlock resources so that multiple users can read one file at the same time, but only one person can modify the file at a time.
4. Search the contents and properties of the files in the WebDAV directory.

Setting up a WebDAV publishing directory on the server is as simple as setting up a virtual directory through the Internet Information Services snap-in. Once the publishing directory is set up, users with the appropriate permissions can publish documents to the server and process the files in the directory. You must first install Windows XP Professional before setting up the WebDAV directory.

WebDAV Clients

WebDAV publishing directories can be accessed through any of the Microsoft products described in the list below or through any other client that supports the industry standard WebDAV protocol.
· Windows XP connects to the WebDAV server through the Add Network Place Wizard and displays the contents of the WebDAV directory as if it were part of the same file system on the local computer. Once the connection is complete, you can drag and drop files, retrieve and modify file attributes, and perform many other file system tasks.
· Internet Explorer 5.0 connects to the WebDAV directory and lets you perform the same file system tasks that you can perform with Windows XP.
· Office 2000 creates, publishes, edits, and saves documents directly into the WebDAV directory from any of the applications included in it.

Searching in WebDAV

Once you have established a connection to the WebDAV directory, you can quickly search the contents and properties of the files in this directory. For example, you can search for all files that contain the word "table" or all files written by Fred.

Integrated Security

Because WebDAV is integrated with Windows XP and IIS, it has the security features provided by both. This includes the IIS permissions specified in the Internet Information Services snap-in and the discretionary access control list (DACL) in the NTFS file system. For information on IIS security, see Security.

Since clients with appropriate permissions can write to the WebDAV directory, it is important to control which clients are allowed to access the directory. To help you control access, IIS has built-in support for the Kerberos 5 authentication protocol, which strengthens Integrated Windows authentication. Choosing Integrated Windows authentication ensures that only clients with permissions can access and write to the WebDAV directory on the intranet. For more information about how the Kerberos 5 authentication protocol works with IIS in Integrated Windows authentication, see Integrated Windows authentication. For general information about how the Kerberos protocol works, see "Kerberos v5 Authentication" in the Windows XP documentation.

In addition, IIS also supports digest authentication and advanced digest authentication. Digest authentication and advanced digest authentication were created for Windows domain servers, and provide more stringent security for passwords and for transferring information over the Internet.
For information on digest authentication, see Digest Authentication and Configuring Digest Authentication. For advanced digest authentication, see Advanced Digest Authentication and Configuring Advanced Digest Authentication.

Advantages of WebDAV

Since the Web has become the foundation of the Internet, HTTP 1.1 (Hypertext Transfer Protocol) has proven to be a very flexible and general protocol for transferring data. However, HTTP has some obvious shortcomings that limit its adoption as a comprehensive Internet communication protocol: it is well suited to viewing static documents, but it does not offer a sufficiently rich way of handling documents to give clients full authoring capabilities. For example, when two authors make changes to a document at the same time without communicating, the "lost update" problem occurs: only the changes made by the last author to upload to the server are preserved, and the changes made by the other author are lost.

The goal of the IETF WebDAV Working Group is to design, in a standards-based forum, a protocol that provides the functionality needed for any distributed authoring tool. The current WebDAV specification (IETF RFC 2518) addresses three main issues of collaborative authoring tools:
· Overwrite protection. HTTP 1.1 gives clients no way to protect a resource while they make changes, so other clients may edit it at the same time. With WebDAV, there are several ways to lock resources so that other clients know that you are interested in the resources in question, or to prevent other clients from accessing the resource.
· Resource management. HTTP can only access a single resource directly. WebDAV provides a way to organize data more efficiently. WebDAV introduces the concept of a collection of resources (similar to file system folders). Resource management through WebDAV includes the ability to create, move, copy, and delete collections, as well as resources or files in a collection.
· Document properties. Different types of data have unique attributes that help to describe the data. For example, in an email, these attributes might be the sender's name and the time the message was received. In a collaborative document, these attributes may be the name of the original author of the document and the name of the last editor. Because people use different types of documents, the list of possible attribute types becomes infinite. XML is the extensible communication tool that WebDAV requires.

Format of WebDAV Requests

HTTP 1.1 (see IETF RFC 2068) provides a set of methods for clients to communicate with the server and specifies the format of the response (returned from the server to the requesting client). WebDAV adopts all of the methods in this specification, extends some of these methods, and introduces other methods that provide the functionality described. The methods used in WebDAV include:
1. Options, Head, and Trace. Primarily used by applications to discover and track server support and network behavior.
2. Get. Retrieve documents.
3. Put and Post. Submit the document to the server.
4. Delete. Destroy resources or collections.
5. Mkcol. Create a collection.
6. PropFind and PropPatch. Retrieve and set properties for resources and collections.
7. Copy and Move. Manage collections and resources in a namespace context.
8. Lock and Unlock. Overwrite protection.

The general structure of a WebDAV request follows the HTTP format and consists of the following three components:
1. Method. Declares the method that the client executes (one of the methods described above).
2. Header. Describes instructions on how to accomplish this task.
3. Body (optional). Defines the data used in the instruction, or other instructions that describe how to accomplish the task.

In the body component, XML becomes a key element in the entire WebDAV structure.
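The three-part request structure described above, shown on a constructed PROPFIND request. This is an added example, not from the original page: the host name and path are placeholders, and refusing DTDs in the XML body is a precaution of this example.

```python
import xml.etree.ElementTree as ET

# Methods WebDAV adds to HTTP 1.1, taken from the list above.
DAV_METHODS = {"MKCOL", "PROPFIND", "PROPPATCH", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Constructed request; host name and path are placeholders.
BODY = (b'<?xml version="1.0" encoding="utf-8"?>\n'
        b'<D:propfind xmlns:D="DAV:">\n'
        b'  <D:prop><D:getlastmodified/><D:creationdate/></D:prop>\n'
        b'</D:propfind>\n')
RAW = (b"PROPFIND /docs/ HTTP/1.1\r\n"
       b"Host: dav.example.test\r\n"
       b"Depth: 1\r\n"
       b'Content-Type: text/xml; charset="utf-8"\r\n'
       b"Content-Length: %d\r\n\r\n" % len(BODY)) + BODY

def parse_request(raw):
    """Split a raw request into method, target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if int(headers.get("content-length", "0")) != len(body):
        raise ValueError("Content-Length does not match body size")
    return method, target, headers, body

def requested_properties(body):
    """Return the property names a PROPFIND body asks for (DAV: namespace removed)."""
    if b"<!DOCTYPE" in body.upper():  # precaution: no DTDs in client-supplied XML
        raise ValueError("DTD not allowed in request body")
    root = ET.fromstring(body)
    if root.tag != "{DAV:}propfind":
        raise ValueError("not a propfind body")
    prop = root.find("{DAV:}prop")
    return [] if prop is None else [child.tag.split("}", 1)[-1] for child in prop]

def describe(raw):
    """Summarize the method, header and body components of one request."""
    method, target, headers, body = parse_request(raw)
    props = requested_properties(body) if method == "PROPFIND" and body else []
    return {"method": method, "dav_extension": method in DAV_METHODS,
            "target": target, "depth": headers.get("depth"), "properties": props}

if __name__ == "__main__":
    print(describe(RAW))
```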