Information
The Apache 'mod_dav' and 'mod_dav_fs' modules support WebDAV ('Web-based Distributed Authoring and Versioning') functionality for Apache. WebDAV is an extension to the HTTP protocol which allows clients to create, move, and delete files and resources on the web server.
Rationale:
WebDAV is not widely used, and it has serious security concerns because it may allow clients to modify unauthorized files on the web server. Therefore, the WebDav modules 'mod_dav' and 'mod_dav_fs' should be disabled.
Solution
Perform either one of the following to disable the WebDAV modules:
1. For source builds with static modules, run the Apache './configure' script without including 'mod_dav' and 'mod_dav_fs' in the '--enable-modules=configure' script options.
$ cd $DOWNLOAD/httpd-2.2.22
$ ./configure
2. For dynamically loaded modules, comment out or remove the 'LoadModule' directive for the 'mod_dav' and 'mod_dav_fs' modules from the 'httpd.conf' file.
##LoadModule dav_module modules/mod_dav.so
##LoadModule dav_fs_module modules/mod_dav_fs.so