Skip to main content

WebDav and a Hosted Site

Use WebDav to connect to a server, set up the file structure, and control access. Links included for WebDav clients.

This article applies to: Managed Servers


WebDav is a method to transfer files to a server. It allows you to log onto the server in an area that contains your web content. When you request a new hosted site, you'll receive an email with information about the server, including the WebDav address.

Connect to the Server

Two common methods for connecting to a server using WebDav are through a WebDav client (preferred) or by mounting a drive (less secure).

WebDav Client Method (Preferred): A WebDav client is a program that allows you to connect to a remote server. You can choose to always connect when you turn on your computer (reduces the boot speed for the computer) or to connect just when you need to use the server. When you connect to the server, the server appears as an additional drive. Tools such as Dreamweaver will indicate when you are connected. Some WebDav clients are free, some cost small sums of money. 

See the list of WebDav clients below.

Mounting the Drive Method (Less Secure): You can mount the server as an external drive so that it shows up as an icon on your desktop. This is less preferred than using a WebDav client because it creates a security vulnerability. (Anyone who can use your machine can get to the server.) It is also more complicated to set up. The method for mounting drives differs with each operating system and even between versions of the same operating system. 

Instructions for mounting a drive are in the help for your operating system.

Your Dav Address

The web services group assigns a WebDav address for you using a standard naming convention. This address is sent to you in an email message when your hosted site is set up. Your WebDav address may look like the following example:

https://<Service Name>-webdav.kproxy.cornell.edu/<maybe-something-here> 

This address is the one you use to connect to your site to work with the files.

Here are the steps to use to WebDAV to your server without going through KProxy:

  1. Obtain a WebDAV key from your server.  Login using your NetID/Password at the following URL, and copy the entire long string the page displays:


    https://webhostXXX.hosting.cornell.edu:8144/davlogin

    Replace the XXX with the number of your server.
     

  2. Your WebDAV connection URL that you will paste into your WebDAV client is:

    https://webhostXXX.hosting.cornell.edu:8144/name-of-your-instance

    Replace the XXX with the number of your server   AND
    Replace the name-of-your-instance in the link above with the real name

    Use your NetID as a username, and the WebDAV key you obtained from step 1 as your password.  This key will be valid for eight hours.  After that, you will have to generate a new key and re-login.

    You can alter the name-of-your-instance portion of the URL to access other instances on your server.

To access your static instance, please use the following URLs:

  1. Obtain a DAV login key from this server:
     

    https://webhost092.hosting.cornell.edu:8144/davlogin

    This key will work for all instances you have in the static webhosting service, but again, only for eight hours.
     

  2. Your static instance's WebDAV access url is:

    https://webhost092.hosting.cornell.edu:8144/name-of-your-instance

    You can alter the name-of-your-instance portion of the URL to access other instances.

Set Up the File Structure

For most servers, when you connect with WebDav, you'll see the htdocs folder, which is a standard part of sites provided by the web services group. The htdocs folder might include files that belong to the entire website. (For some older, legacy systems, you start in a shared area that many people can see. From there you navigate to your own folders. The idstatic.cit.cornell.edu server works this way.

The best practice for file structure is to place all sites at least one level down from your htdoc folder. For example, for two separate sites about apples and oranges you would create folders apples and oranges. For a site about different types of apple, you'd make subfolders under the apples folder.

WebDav folders follow the Windows or Unix rules for permissions, naming, etc. depending on the type of server they are on. (For a windows server, the folders follow Windows rules. For a Unix server, the folders follow Unix rules.

The image below shows a Windows machine connected via a WebDav client to a Unix ColdFusion server. Although this looks like a Windows system, the files are on a Unix server. They must obey all the Unix system rules for naming, permissions, etc.

 

Control Access/Assign Permissions (.wdaccess)

You can use .wdaccess files to control who has permission to view or change your files on the server. Put a .wdaccess file in the htdocs folder, and another one in any folder for which you want to maintain different permissions.

Warning: If you don't create a .wdaccess file, anyone can look at or change your files.

About .wdaccess Files

  • The  "."  is required to start the name.
  • Similar to .htaccess files, but sites need both. (.wdaccess controls who can make changes to the files on your site. .htaccess controls who can view pages on your site. ) 
  • The CU WebAuth utility uses the information in the .wdaccess file to enforce access to the folders.
  • Permissions are inherited by sub-folders, but can be overridden by another .wdaccess file.
  • Edit .wdaccess files using a plain text editor. Many clients have a .wdaccess editor to make it easier.
    Note: Changes are immediately visible, so it is best to edit on the desktop then transfer the new file once you know it's correct.

.wdaccess Permissions Example

Following is an example of how a site might use .wdaccess files to control access to folders.

 The .wdaccess file in htdocs has a permit that only has administrators in it. FolderA has no .wdaccess file. FolderB has a .wdaccess file that only allows developers. FolderC has a .wdaccess file that allows both developers and administrators.

An administrator can log into oursite-webdav.kproxy.cornell.edu.  

  • Folder_A = Administrator can see and make changes in this folder. (No .wdaccess file means this folder inherits the permissions from the htdocs folder above.)
  • Folder_B = Administrator cannot open or make any changes. Administrator may be able to see this folder. (Depends on the WebDav client.)
  • Folder_C = Administrator can see and make changes in this folder.

developer can log into oursite-webdav.kproxy.cornell.edu/Folder_B and oursite-webdav.kproxy.cornell.edu/Folder_C.

  • Folder_A = Developer cannot open or make any changes. Developer may be able to see this folder. (Depends on the WebDav client.)
  • Folder_B = Developer can see and make changes in this folder.
  • Folder_C = Developer can see and make changes in this folder.

Create a .wdaccess File

AuthName Cornell
AuthType All
AuthBasicAuthoritative off
#
# Use the following to restrict access
#  (w/o comments) use spaces not commas
#  when multiple entries are needed
#
#require valid-user
#require netid
#require permit

The last two lines are used to control permissions.

If you are not in the .wdaccess file as a netid or as a permit you will lose access to the file and will not be able to edit the .wdaccess file itself. You would be locked out.  
  1. Copy the sample file to a text editor.
  2. Save the file with the name .wdaccess. (Use this exact name. Include the period at the beginning.)
  3. In the Require Permit line, enter the names of the AD groups which have access to the folder, for example
    require CIT.lamp.xyz
    • Remove the # sign.
    • Separate permits or NetIDs with a space.
    • To make a new group on a hosted server, send request to webservices@cornell.edu.
    • You can add NetIDs instead of using AD groups, but this is not recommended since it results in extra maintenance, especially for large numbers of people or multiple .wdaccess files.
  4. Be sure that you are included in the AD group or that you add your own NetID. If not, you will not be able to access your own files.
  5. Save the .wdaccess file, and then copy it to the folder on your site.

Links to WebDav Clients

Mac

Windows

More Information

About this Article

Last updated: 

Tuesday, April 25, 2017 - 9:54am

Was this page helpful?

Your feedback helps improve the site.

Comments?