Disable Webdav completely?

Hi, I have two separate clouds on the same server. One is on v12, the other on v13.

v13 is a fresh install and it says

"Your web server is not yet properly set up to allow file synchronisation, because the WebDAV interface seems to be broken."

Yet the v12 installation works fine.

Can you disable it completely?

WebDAV is the protocol used for file operations. So if you disable it, you are essentially making the system unusable :wink:

I have disabled it in the past within /var/www/nextcloud/apps/dav/lib/Connector/Sabre/Auth.php.
We don’t want users accessing their files anywhere but from within the web interface, so I just added return false; within the validateUser function. The fix for NC 12 is here: https://pastebin.com/7NL383b1 (ignore the comment about the cron job. It is for my use only). Have not tested with NC 14 yet but will be. I thought I’d look to see if there have been any new ways to disable it before resorting to hacking up core.

I’m not able to disable or restrict WebDAV to only the browser.
The add-on also does not restrict it to only the browser.

Why do I want to block it? I want non-admins not to access the data via WebDAV.

Does anybody have a solution for NC16?

Try to either rewrite the URL, or redirect to e.g. the login page:

The desktop client tries to get authorization via /index.php/login/v2/grant

You can put this inside your Apache vhost config (.htaccess would work too):
RewriteCond %{REQUEST_URI} ^/index.php/login/v2/grant
RewriteRule ^(.*)$ https://example.com/index.php/login [L,R=301]

And some more conditions for the Android client:
RewriteCond %{REQUEST_URI} ^/index.php/login/flow/grant(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/core/js/login/grant(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/index.php/login/flow/grant(.*)$
RewriteRule ^(.*)$ https://example.com/index.php/login [L,R=403]

This only prevents the Android client from authenticating at first login! If the client was already registered, it won’t stop that connection.

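An added example, not part of any post in the thread: one way to check the caveat in the last reply is to scan an Apache combined-format access log for sync clients that still reach WebDAV after the rewrite rules are deployed. The `/remote.php/dav` and `/remote.php/webdav` paths and the User-Agent substrings are assumptions about a typical Nextcloud setup, and the log lines are constructed.

```python
import re
from collections import Counter

# Login-grant paths matched by the rewrite rules quoted in the thread.
GRANT_RE = re.compile(r"^/(index\.php/login/(v2|flow)/grant|core/js/login/grant)")
# Assumption: WebDAV is served under /remote.php/dav and /remote.php/webdav.
DAV_RE = re.compile(r"^/remote\.php/(dav|webdav)(/|$)")
# Assumption: User-Agent substrings of sync clients; spoofable, so only a hint.
CLIENT_UA_RE = re.compile(r"mirall|Nextcloud-android|Nextcloud-iOS", re.I)
LINE_RE = re.compile(  # Apache "combined" log format
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def classify(line):
    """Return (label, client_ip) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path, status = m["uri"].split("?", 1)[0], int(m["status"])
    if GRANT_RE.match(path):  # 301/403 are the statuses the rules in the thread return
        return ("grant-blocked" if status in (301, 403) else "grant-allowed"), m["ip"]
    if DAV_RE.match(path) and CLIENT_UA_RE.search(m["ua"]) and status < 400:
        return "dav-client-active", m["ip"]
    return "other", m["ip"]

def audit(lines):
    """Return (count per label, sorted IPs of sync clients still using WebDAV)."""
    counts, active = Counter(), set()
    for line in lines:
        result = classify(line)
        if result is None:
            counts["unparsed"] += 1
            continue
        counts[result[0]] += 1
        if result[0] == "dav-client-active":
            active.add(result[1])
    return dict(counts), sorted(active)

# Constructed sample log lines (documentation IP ranges, made-up users and versions).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2019:10:00:01 +0000] "POST /index.php/login/v2/grant HTTP/1.1" 301 245 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0"',
    '203.0.113.9 - - [10/Jun/2019:10:02:11 +0000] "GET /index.php/login/flow/grant HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Android) Nextcloud-android/3.6.1"',
    '198.51.100.7 - - [10/Jun/2019:10:05:40 +0000] "PROPFIND /remote.php/dav/files/alice/ HTTP/1.1" 207 1432 "-" "Mozilla/5.0 (Linux) mirall/2.5.2git (Nextcloud)"',
    '198.51.100.8 - - [10/Jun/2019:10:06:02 +0000] "PROPFIND /remote.php/dav/files/bob/ HTTP/1.1" 207 980 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0"',
    'not an access log line',
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Browser requests to the WebDAV paths are labelled `other`, since the web interface itself uses WebDAV for file operations.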