WebDav and a Hosted Site
Use WebDav to connect to a server, set up the file structure, and control access. Links included for WebDav clients.
This article applies to: Managed Servers
WebDav is a method to transfer files to a server. It allows you to log onto the server in an area that contains your web content. When you request a new hosted site, you'll receive an email with information about the server, including the WebDav address.
Connect to the Server
Two common methods for connecting to a server using WebDav are through a WebDav client (preferred) or by mounting a drive (less secure).
WebDav Client Method (Preferred): A WebDav client is a program that allows you to connect to a remote server. You can choose to always connect when you turn on your computer (reduces the boot speed for the computer) or to connect just when you need to use the server. When you connect to the server, the server appears as an additional drive. Tools such as Dreamweaver will indicate when you are connected. Some WebDav clients are free, some cost small sums of money.
See the list of WebDav clients below.
Mounting the Drive Method (Less Secure): You can mount the server as an external drive so that it shows up as an icon on your desktop. This is less preferred than using a WebDav client because it creates a security vulnerability. (Anyone who can use your machine can get to the server.) It is also more complicated to set up. The method for mounting drives differs with each operating system and even between versions of the same operating system.
Instructions for mounting a drive are in the help for your operating system.
Your Dav Address
The web services group assigns a WebDav address for you using a standard naming convention. This address is sent to you in an email message when your hosted site is set up. Your WebDav address may look like the following example:
https://<Service Name>-webdav.kproxy.cornell.edu/<maybe-something-here>
This address is the one you use to connect to your site to work with the files.
Here are the steps to use to WebDAV to your server without going through KProxy:
-
Obtain a WebDAV key from your server. Login using your NetID/Password at the following URL, and copy the entire long string the page displays:
https://webhostXXX.hosting.cornell.edu:8144/davlogin
Replace the XXX with the number of your server.
-
Your WebDAV connection URL that you will paste into your WebDAV client is:
https://webhostXXX.hosting.cornell.edu:8144/name-of-your-instance
Replace the XXX with the number of your server AND
Replace the name-of-your-instance in the link above with the real name
Use your NetID as a username, and the WebDAV key you obtained from step 1 as your password. This key will be valid for eight hours. After that, you will have to generate a new key and re-login.
You can alter the name-of-your-instance portion of the URL to access other instances on your server.
To access your static instance, please use the following URLs:
-
Obtain a DAV login key from this server:
https://webhost092.hosting.cornell.edu:8144/davlogin
This key will work for all instances you have in the static webhosting service, but again, only for eight hours.
-
Your static instance's WebDAV access url is:
https://webhost092.hosting.cornell.edu:8144/name-of-your-instance
You can alter the name-of-your-instance portion of the URL to access other instances.
Set Up the File Structure
For most servers, when you connect with WebDav, you'll see the htdocs folder, which is a standard part of sites provided by the web services group. The htdocs folder might include files that belong to the entire website. (For some older, legacy systems, you start in a shared area that many people can see. From there you navigate to your own folders. The idstatic.cit.cornell.edu server works this way.
The best practice for file structure is to place all sites at least one level down from your htdoc folder. For example, for two separate sites about apples and oranges you would create folders apples and oranges. For a site about different types of apple, you'd make subfolders under the apples folder.
WebDav folders follow the Windows or Unix rules for permissions, naming, etc. depending on the type of server they are on. (For a windows server, the folders follow Windows rules. For a Unix server, the folders follow Unix rules.
The image below shows a Windows machine connected via a WebDav client to a Unix ColdFusion server. Although this looks like a Windows system, the files are on a Unix server. They must obey all the Unix system rules for naming, permissions, etc.
Control Access/Assign Permissions (.wdaccess)
You can use .wdaccess files to control who has permission to view or change your files on the server. Put a .wdaccess file in the htdocs folder, and another one in any folder for which you want to maintain different permissions.
Warning: If you don't create a .wdaccess file, anyone can look at or change your files.
About .wdaccess Files
- The "." is required to start the name.
- Similar to .htaccess files, but sites need both. (.wdaccess controls who can make changes to the files on your site. .htaccess controls who can view pages on your site. )
- The CU WebAuth utility uses the information in the .wdaccess file to enforce access to the folders.
- Permissions are inherited by sub-folders, but can be overridden by another .wdaccess file.
-
Edit .wdaccess files using a plain text editor. Many clients have a .wdaccess editor to make it easier.
Note: Changes are immediately visible, so it is best to edit on the desktop then transfer the new file once you know it's correct.
.wdaccess Permissions Example
Following is an example of how a site might use .wdaccess files to control access to folders.
An administrator can log into oursite-webdav.kproxy.cornell.edu.
- Folder_A = Administrator can see and make changes in this folder. (No .wdaccess file means this folder inherits the permissions from the htdocs folder above.)
- Folder_B = Administrator cannot open or make any changes. Administrator may be able to see this folder. (Depends on the WebDav client.)
- Folder_C = Administrator can see and make changes in this folder.
A developer can log into oursite-webdav.kproxy.cornell.edu/Folder_B and oursite-webdav.kproxy.cornell.edu/Folder_C.
- Folder_A = Developer cannot open or make any changes. Developer may be able to see this folder. (Depends on the WebDav client.)
- Folder_B = Developer can see and make changes in this folder.
- Folder_C = Developer can see and make changes in this folder.
Create a .wdaccess File
AuthName Cornell
AuthType All
AuthBasicAuthoritative off
#
# Use the following to restrict access
# (w/o comments) use spaces not commas
# when multiple entries are needed
#
#require valid-user
#require netid
#require permit
The last two lines are used to control permissions.
- Copy the sample file to a text editor.
-
Save the file with the name .
wdaccess
. (Use this exact name. Include the period at the beginning.) -
In the Require Permit line, enter the names of the AD groups which have access to the folder, for example
require CIT.lamp.xyz- Remove the # sign.
- Separate permits or NetIDs with a space.
- To make a new group on a hosted server, send request to webservices@cornell.edu.
- You can add NetIDs instead of using AD groups, but this is not recommended since it results in extra maintenance, especially for large numbers of people or multiple .wdaccess files.
- Be sure that you are included in the AD group or that you add your own NetID. If not, you will not be able to access your own files.
- Save the .wdaccess file, and then copy it to the folder on your site.
Links to WebDav Clients
Mac
- http://cyberduck.ch/
- http://www.macupdate.com/app/mac/41015/webdav-client
- http://www.webdav.org/goliath/
- http://southrivertechnologies.com/products/webdrive/
Windows
- http://southrivertechnologies.com/products/webdrive/
- http://www.webdav.org/projects/
- http://www.netdrive.net/
More Information
- Fairly Technical: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
-
Cornell Library: http://erms.library.cornell.edu/search~S4/?searchtype=X&searchscope=4&SORT=A&searcharg=24x7
(Takes you to a link near the top Books.24x7.com that has a rich searchable resource of IT books. You will need to log in with your NetID and password.)
Comments?