WebDAV Protocol: Web-Based Distributed Authoring 2026

Introduction

WebDAV (Web-based Distributed Authoring and Versioning) is an extension of HTTP that enables users to collaboratively edit and manage files on remote web servers.

This guide covers WebDAV protocol, methods, locking, and implementation.

What is WebDAV?

WebDAV extends HTTP with methods for file operations, enabling web servers to function as file servers with versioning support.

Key Features

Remote File Operations: PUT, DELETE, COPY, MOVE.

Collections: Directories (PROPFIND, MKCOL).

Locking: Prevent conflicts (LOCK, UNLOCK).

Properties: Metadata (PROPFIND, PROPPATCH).

Methods

Standard HTTP + WebDAV

Method	Description
GET	Read file
PUT	Upload file
DELETE	Delete file
PROPFIND	Get properties
PROPPATCH	Modify properties
MKCOL	Create collection
COPY	Copy resource
MOVE	Move resource
LOCK	Lock resource
UNLOCK	Unlock resource

Implementation

Apache WebDAV

# /etc/apache2/sites-available/webdav.conf

<VirtualHost *:443>
    ServerName dav.example.com
    DocumentRoot /var/www/webdav
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    
    DAV On
    Options +Indexes
    
    <Location /webdav>
        DAV On
        AuthType Basic
        AuthName "WebDAV"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Location>
</VirtualHost>

Python WebDAV Client

import requests
from requests.auth import HTTPBasicAuth

class WebDAVClient:
    def __init__(self, base_url, username, password):
        self.base_url = base_url
        self.session = requests.Session()
        self.session.auth = HTTPBasicAuth(username, password)
    
    def upload(self, local_path, remote_path):
        with open(local_path, 'rb') as f:
            response = self.session.put(
                f"{self.base_url}/{remote_path}",
                data=f
            )
        return response.status_code in (200, 201, 204)
    
    def download(self, remote_path, local_path):
        response = self.session.get(f"{self.base_url}/{remote_path}")
        with open(local_path, 'wb') as f:
            f.write(response.content)
        return response.status_code == 200
    
    def list_files(self, path='/'):
        response = self.session.request(
            'PROPFIND',
            f"{self.base_url}/{path}",
            headers={'Depth': '1'}
        )
        return response.text
    
    def delete(self, path):
        response = self.session.delete(f"{self.base_url}/{path}")
        return response.status_code in (200, 204)
    
    def create_directory(self, path):
        response = self.session.request('MKCOL', f"{self.base_url}/{path}")
        return response.status_code in (200, 201)

Locking

    def lock(self, path, timeout=60):
        headers = {
            'Timeout': f'Second-{timeout}',
            'Content-Type': 'application/xml'
        }
        body = '''<?xml version="1.0"?>
<d:lockinfo xmlns:d="DAV:">
  <d:lockscope><d:exclusive/></d:lockscope>
  <d:locktype><d:write/></d:locktype>
</d:lockinfo>'''
        
        response = self.session.request(
            'LOCK',
            f"{self.base_url}/{path}",
            headers=headers,
            data=body
        )
        return response.headers.get('Lock-Token')
    
    def unlock(self, path, lock_token):
        headers = {'Lock-Token': lock_token}
        response = self.session.request(
            'UNLOCK',
            f"{self.base_url}/{path}",
            headers=headers
        )
        return response.status_code in (200, 204)

Best Practices

Always use HTTPS
Implement proper authentication
Use locks for concurrent editing
Set appropriate timeout values

Conclusion

WebDAV provides HTTP-based file sharing and collaboration, useful for remote file management.

Resources

RFC 4918 - WebDAV