Disable WebDAV by default

Hello,
I wonder if WebDAV can be disabled in version 18 for all newly created users.
So that I do not have to exclude everyone separately, because it is a larger number of users.

Do you want to be able as admin to disable “Rich workspaces” by default and let users turn that feature back on? I’d second that feature request.

Or do you want to disable WebDAV (which is a CORE feature of Nextcloud)? So you really want to restrict your users to the web interface only?

Basically, I just want to make this not visible:

And to make what is in the first picture automatically unmarked for everyone.

Hi @nursoda,
I am looking to restrict the Nextcloud usage to the web interface. Do you know a solution for this, as you have mentioned it?

I am aware of modifying the .htaccess to disable the authorization (Disable Webdav completely?), but this feels a bit prone to errors, as I don’t know if any app will make use of that authorization endpoint.

Why disable web interface or WebDAV?
Perhaps you secure the data and not the application.
That makes no sense.

There is a misunderstanding - my question is not about disabling the web interface - it is about ONLY using the web interface and disabling WebDAV. The reason for this is that we have integrated Nextcloud into a landscape of several web-based tools. To make sure we have a unique user experience, it is relevant for our use case to limit the interface to web.

I have tested it. For WebDAV you use the program “remote.php”. If you remove or rename “remote.php”, you cannot see the files in the web interface. Perhaps you can edit “remote.php” and switch on the user-agent between Windows Explorer and browsers. https://en.wikipedia.org/wiki/User_Agent
If you blacklist the Windows Explorer user agent (I do not know it), you can use all browsers and not Windows Explorer. Perhaps look in the apache2 access logs or output the user-agent in remote.php with https://www.php.net/manual/en/function.get-browser.php

User Agent Windows (not tested):

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wdv/47573dae-9027-467f-97a4-a19f86703ad2
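
The suggestion above to look in the Apache access logs for the user agent, as an added example that is not part of the original posts: it tallies which user agents reach remote.php, so you can see which clients a user-agent rule would have to cover. The "combined" log format, the marker list and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Tail of an Apache "combined" log line: "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'"[A-Z]+ (?P<path>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Assumed starter list of non-browser WebDAV client markers; extend it from your own logs.
CLIENT_MARKERS = ("microsoft-webdav-miniredir", "davfs2", "gvfs", "webdavfs", "mirall")


def classify(agent):
    """'client' for a known WebDAV client, 'browser' for a Mozilla-style agent, else 'unknown'."""
    lowered = agent.lower()
    # Check markers first: the desktop sync client's agent also starts with "Mozilla/".
    if any(marker in lowered for marker in CLIENT_MARKERS):
        return "client"
    return "browser" if agent.startswith("Mozilla/") else "unknown"


def remote_php_agents(lines):
    """Count (category, user agent) pairs for requests that reach remote.php."""
    counts = Counter()
    for line in lines:
        match = LINE_RE.search(line.strip())
        if match and "/remote.php" in match.group("path"):
            agent = match.group("agent")
            counts[(classify(agent), agent)] += 1
    return counts


# Constructed sample lines (documentation addresses), not taken from a real server.
SAMPLE = [
    '192.0.2.10 - alice [12/Aug/2020:10:15:32 +0200] "PROPFIND /remote.php/dav/files/alice/ HTTP/1.1" 207 1432 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"',
    '192.0.2.11 - bob [12/Aug/2020:10:16:01 +0200] "PROPFIND /remote.php/dav/files/bob/ HTTP/1.1" 207 981 "-" "Microsoft-WebDAV-MiniRedir/10.0.19041"',
    '192.0.2.12 - carol [12/Aug/2020:10:16:40 +0200] "PROPFIND /remote.php/dav/files/carol/ HTTP/1.1" 207 771 "-" "Mozilla/5.0 (Windows) mirall/3.0.1 (Nextcloud)"',
    '192.0.2.10 - alice [12/Aug/2020:10:17:02 +0200] "GET /index.php/apps/files/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"',
    '192.0.2.13 - dave [12/Aug/2020:10:18:15 +0200] "PROPFIND /remote.php/dav/files/dave/ HTTP/1.1" 207 640 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for (category, agent), hits in sorted(remote_php_agents(SAMPLE).items()):
        print(f"{category:8} {hits:3} {agent}")
```

The browser line in the sample also hits remote.php, which matches the observation in the thread that the web interface and WebDAV clients share that endpoint; the "unknown" bucket is what a blacklist would miss.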

I have modified remote.php - that is working for me, thanks a lot, @devnull! Even if I don’t like to modify Nextcloud core files in general, this is a consequent solution.

Blacklisting the user-agent could work, especially for Windows-based clients, but to be consistent, you would also need to blacklist the user-agents for Linux/OS X clients.

What have you modified?

Yes. But if you use “remote.php”, there is ever the possibility for WebDAV? Or have you found more details in “remote.php” to re-configure?

I never tried to restrict WebDAV, it’s one of the most important features for me.

But the way devnull proposed (to delete remote.php from the allow-list in the webserver config) seems reasonable. However, I couldn’t tell what side effects that has.

If you have an application gateway in front of your NC, you might also block WebDAV there.

My question would be WHY you want to disable WebDAV in the first place. What do you hope to gain?

We have no need for WebDAV at all and are not using any Nextcloud client besides the web interface.

I have added an exception at the beginning of processing the request:
throw new RemoteException('Forbidden', 403);

It seems to work, but I have to test it in more detail.

Can you post the if-command if used?

Thanks for your feedback.
I want to make sure that only the web interface can be used, as we don’t want to offer any other ways to access Nextcloud.

“If you have an application gateway in front of your NC, you might also block WebDAV there.”
Even better than modifying Nextcloud files… I have to analyze that one, as I have no idea right now how to set this up.

Yes, it is a nice and/or bad idea. But WebDAV and the web interface use the same program “remote.php” for accessing files in Nextcloud. It makes no difference for Nextcloud.

Rather describe your use case (why it is necessary to restrict to web interface) and open a feature request (if there isn’t one already, so search thoroughly).

You may achieve your goal more cleanly by restricting WebDAV at the perimeter using a firewall / application gateway. That way, you don’t have to change anything in Nextcloud settings or code.

Also not possible. You can use WebDAV through web proxies.

Only true for a firewall that restricts on ports only. That is why I wrote “firewall / application gateway”. What I meant with that is “a dedicated application gateway” or “a firewall with such functionality”.

Not very useful to allow the browser and not a Windows app. I do not know your goal, but there is no real security advantage.

Perhaps you can deactivate “basic authentication” in the Windows registry, needed for Nextcloud WebDAV :wink:

https://docs.nextcloud.com/server/19/user_manual/files/access_webdav.html

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
set to 0

Not tested.