# SHORT DESC: Provide DAV capabilities (RFC 2518) for your Apache web server.
# LONG DESC: mod_dav is an Apache module to provide DAV capabilities (RFC 2518) for your Apache web server. It is an Open Source module, provided under an Apache-style license.

# EXCLUDE OUTFILE: /etc/apache/httpd.conf

./configure && \
make && \
make install || exit 1

mv /etc/apache/httpd.conf.bak /etc/apache/httpd.conf

cat <<\_EOF > /etc/apache/mod_dav.conf
LoadModule dav_module libexec/apache/libdav.so
AddModule mod_dav.c

# Location where mod_dav will store its lock database
# Must be writable by the webserver process
DAVLockDB /var/run/httpd-davlock

# An optional directive, DAVMinTimeout, specifies the minimum lifetime of a
# lock in seconds. If a client requests a lock timeout less than DAVMinTimeout,
# then the DAVMinTimeout value will be used and returned instead. For example,
# Microsoft's Web Folders defaults to a lock timeout of 2 minutes; 10 minutes
# could be used to reduce network traffic and the chance that the client might
# lose a lock due to network latency.
#
# The DAVMinTimeout directive is optional, and may be used on a per-server or
# per-directory/location basis. It takes a single, non-negative integer. Since
# this value represents a minimum allowed, setting it to zero (0) will disable
# this feature. The default value for DAVMinTimeout is zero.
DAVMinTimeout 0

# A PROPFIND request with a "Depth: Infinity" header can impose a large burden
# on the server. These kinds of requests could "walk" the entire repository,
# returning information about each resource found. mod_dav builds the response
# in memory, so these kinds of requests could potentially consume a lot of
# memory (the memory would be released at the end of the request, but the peak
# can be quite large).
#
# To prevent these kinds of requests, the DAVDepthInfinity directive has been
# provided. It is a simple on/off directive, which can be used on a per-server
# or a per-directory/location basis. The default value for this directive is
# off, meaning these kinds of requests are not allowed.
#
# NOTE: the WebDAV Working Group has stated that it is acceptable for DAV
# servers to refuse these kinds of requests. Properly written client software
# should not issue them, and you should not worry about disabling them. 
DAVDepthInfinity Off

# mod_dav will parse XML request bodies into memory. It would be a very
# effective "Denial of Service" attach to send a large request body at a
# mod_dav server. Apache defines a directive named LimitRequestBody which will
# limit all methods' request bodies. Unfortunately, this is not an effective
# mechanism for a mod_dav server since large PUT operations should be allowed.
#
# To limit just the methods that have an XML request body, mod_dav defines the
# LimitXMLRequestBody directive. The default for this value is one million
# (1000000) bytes. Setting the value to zero (0) will disable the size limit.
#
# LimitXMLRequestBody may be set on a per-server or a per-directory/location
# basis, and takes a single non-negative integer argument. 
LimitXMLRequestBody 1000000

# Example of a "Directory" directive that has WebDAV enabled
<Directory /var/www/htdocs/_PUBLICLY_WRITABLE_>
	# Enable mod_dav
	DAV On

	# To prevent someone from creating a ".htaccess" file that affects the
	# operation of the server
	AllowOverride None

	# Example of how to restrict WebDAV-only operations to authorized
	# users, while allowing others to read the information
#	<LimitExcept GET HEAD OPTIONS>
#		Require valid-user
#	</Limit>

	# To prevent scripts from being executed and their output being sent,
	# rather than the source of the script itself
#	ForceType text/plain
</Directory>
_EOF
chmod 644 /etc/apache/mod_dav.conf