Preventing PROPFIND requests

Post by RobertGonzalez »

I was asked this morning if there is a way to prevent the PROPFIND request method on Apache. After reading up on it, it seems as though PROPFIND (and PROPPATCH) are parts of the WebDAV module and they are used for file manipulation and versioning. If I am incorrect in this assessment, please correct me.

I also noticed, when looking through the access logs, that there are numerous calls to PROPFIND (that all meet a 405 server response). My question is, is there a way to not allow a PROPFIND request? I have a section of a sample httpd.conf file, but I am not sure what to do with it. Any help would be much appreciated.

From the access logs (**** are used to replace actual directory names that I cannot show):

Code:

69.109.252.201 - - [16/Sep/2006:00:00:02 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
69.109.252.201 - - [16/Sep/2006:00:00:23 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
69.109.252.201 - - [16/Sep/2006:00:00:33 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
66.234.220.62 - - [16/Sep/2006:01:41:31 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
66.234.220.62 - - [16/Sep/2006:01:41:31 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
71.202.249.191 - - [16/Sep/2006:07:01:06 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
71.202.249.191 - - [16/Sep/2006:07:01:06 -0700] "PROPFIND /**** HTTP/1.1" 405 22869
71.202.249.191 - - [16/Sep/2006:07:01:06 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
71.202.249.191 - - [16/Sep/2006:07:01:08 -0700] "PROPFIND /**** HTTP/1.1" 405 22869

Sample httpd.conf text:

Code:

# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
# You must correct the path for the root to match your system's configured
# user directory location, e.g. "C:/WinNT/profiles/*/My Documents/My Website"
# or whichever, as appropriate.
#
#<Directory "C:/Documents and Settings/*/My Documents/My Website">
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>
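
Added example, not part of the original post: a small Python triage of an access log that counts WebDAV-method requests per client and status and singles out any answered with a 2xx code (207 Multi-Status would mean a DAV handler actually processed a PROPFIND, unlike the 405s in the log above). The sample lines are constructed in the same log format; the function name `summarize_dav` and the addresses are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in Apache common log format, modelled on the lines in the post.
# Addresses are documentation ranges; the 207 line is invented to show the flagged case.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Sep/2006:00:00:02 -0700] "PROPFIND /docs HTTP/1.1" 405 22869
192.0.2.10 - - [16/Sep/2006:00:00:23 -0700] "PROPFIND /docs HTTP/1.1" 405 22869
198.51.100.7 - - [16/Sep/2006:01:41:31 -0700] "PROPFIND /SysVol HTTP/1.1" 405 22869
198.51.100.7 - - [16/Sep/2006:01:42:00 -0700] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [16/Sep/2006:07:01:06 -0700] "PROPFIND /SysVol HTTP/1.1" 207 812
203.0.113.5 - - [16/Sep/2006:07:01:08 -0700] "OPTIONS / HTTP/1.1" 200 0
this line is not a log entry
"""

# WebDAV methods defined in RFC 4918; ordinary HTTP methods are ignored.
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def summarize_dav(log_text):
    """Return (counts per (client, method, status), list of DAV requests answered 2xx)."""
    counts = Counter()
    served = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] not in DAV_METHODS:
            continue  # skip unparseable lines and non-DAV methods
        status = int(m["status"])
        counts[(m["host"], m["method"], status)] += 1
        # A 2xx answer (207 for PROPFIND) means the server processed the DAV request.
        if 200 <= status < 300:
            served.append((m["host"], m["method"], m["path"], status))
    return counts, served

if __name__ == "__main__":
    counts, served = summarize_dav(SAMPLE_LOG)
    for (host, method, status), n in sorted(counts.items()):
        print(f"{host:15} {method:9} {status} x{n}")
    for host, method, path, status in served:
        print(f"SERVED: {host} {method} {path} -> {status}")
```

If every WebDAV request in the summary shows 405, the server is already refusing the method and the log entries are only probe traffic.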

Post by nickvd »

Try removing the DAV module from Apache's config file...
i.e.:

Code:

#LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so

Post by RobertGonzalez »

Is the DAV module a required module for anything?

Post by nickvd »

Not to my knowledge, and it's not enabled on my setup.

I'm sure it is required for something, but I've never had it turned on (aside from mod_dav_svn, for Subversion, but that's a completely separate module).
Last edited by nickvd on Tue Sep 19, 2006 1:13 pm, edited 1 time in total.

Post by RobertGonzalez »

Ok, I will look into it. Thanks for the advice.