Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

WebDev

2 views
Skip to first unread message

Afzal Ahmed

unread,
Apr 6, 2004, 10:10:00 AM4/6/04
to
What is the WebDev function in IIS?

doug

unread,
Apr 6, 2004, 10:49:41 AM4/6/04
to
You mean WebDav? What do you want to know about it?

http://www.iisfaq.com/default.aspx?View=S&Search=webdav

doug


>-----Original Message-----
>What is the WebDev function in IIS?

>.
>

Sparky Polastri

unread,
Apr 6, 2004, 10:58:50 AM4/6/04
to

"Afzal Ahmed" <afzal....@jsc.nasa.gov> wrote in message
news:18da601c41be0$d93d1620$a301...@phx.gbl...

> What is the WebDev function in IIS?

WebDav. webdAv, with an A.

Its a protocol that allows editing a web site over a network or the internet
over HTTP. FrontPage uses it (plus some additional stuff) to save to the
remote hard drive. Other programs (like Macromedia Dreamweaver) can use it
too.

Most ordinary users encounter it as the "web folders" in their network
neighborhood.

To use it on IIS, you need the FrontPage server extensions installed.


Afzal Ahmed

unread,
Apr 6, 2004, 11:07:07 AM4/6/04
to
Is there any security issue of activating Webdav?
>.
>

Egbert Nierop (MVP for IIS)

unread,
Apr 6, 2004, 1:07:35 PM4/6/04
to
"Sparky Polastri" <jaf...@MuNGEDyahoo.com> wrote in message
news:4072c507$1...@newspeer2.tds.net...

This is not quite true. Frontpage is needed for frontpage extensions for
Frontpage clients that want to upload data and manage websites including
html bot support.

Webdav is an extension to the HTTP 1.1 protocol and is officially in a RFC
while frontpage is -not-. For instance. OPTIONS/PUT/DELETE/PROPERTIES are
typical webdav plus multiple return states commands that have nothing to do
with frontpage.

Egbert Nierop (MVP for IIS)

unread,
Apr 6, 2004, 1:10:06 PM4/6/04
to
"Afzal Ahmed" <anon...@discussions.microsoft.com> wrote in message
news:1930301c41be8$d400c780$a101...@phx.gbl...

> Is there any security issue of activating Webdav?

Security is managed using IIS MMC and the NTFS security. Of course, the more
options a service supports, the more risk theoretically. If you are a
security freak, you'd disable WebDav.

I like webdav, since it allows me to have remote directories from my own
company as if they are windows folders, even when I'm working with my client
that only allows us to use a proxy server to the extern internet.

WenJun Zhang[msft]

unread,
Apr 7, 2004, 12:31:28 AM4/7/04
to
Yes, IIS built-in supports WebDAV which is specified in HTTP 1.1
extensions. Here is the RFC:
http://www.ics.uci.edu/~ejw/authoring/protocol/rfc2518.html

After a site is extended with FrontPage Server Extensions, WebDAV
requests are also handled by FPSE's author.dll.

For the security concerns, WebDAV is enabled on IIS5 defaultly: in IE
File->Open, open the site as web folder.
Therefore we need make sure anonymous account doesn't have any
unnecessary Write permission of NTFS. In sites' Home Directory tab,
disable Write if no file needs to be modifed or uploaded. On IIS6,
it's a disabled Web Service extension by default.

To thoroughly diable WebDAV function on IIS5, we can either install
Win2K SRP:
241520 How to Disable WebDAV for IIS 5.0
http://support.microsoft.com/?id=241520

or use URLScan to deny WebDAV verbs.

Best regards,

WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
Get Secure! - www.microsoft.com/security

WenJun Zhang[msft]

unread,
Apr 9, 2004, 2:23:50 AM4/9/04
to
Hi Afzal,

Just want to check if you still have further questions on this issue?

0 new messages