• 1 year

    29 days

    YetiShare / Core


WebDav Plugin Troubleshooting


Using Apache/Ubuntu, files do not upload using the WebDav plugin. They show as 100% uploaded but don't actually appear within your account.


sudo a2enmod dav
sudo a2enmod dav_fs
sudo service apache2 restart


CloudFlare HTTPS:

On certain WebDav clients the free CloudFlare HTTPS certificate doesn't validate WebDav wont work. You will need to either purchase an SSL certificate for your WebDav domain or use non-https via the plugin settings above.

In addition, if you're using external file servers on CloudFlare https, all servers will need Curl v7.36+ for ECC 256 bit SSL (minimum used by CloudFlare). You can install it on CentOS using the following command: (if this url is no longer available, check here for the latest)

rpm -Uvh
yum install libcurl

After, restart your webserver and PHP (if using php-fpm). Test by trying to connect to your site, like this:

curl -1IsS

Plesk/WHM Users:

If you're using Plesk/WHM you may have issues connecting via a WebDav client. Plesk/WHM can mess with the authentication header so the script wont recognise the submitted username and password by default. To allow for this comment out the following lines within - \plugins\webdav\site\control\.htaccess

# uncomment on plesk if you're having login issues
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule (.*) index.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

If you can't see this file ensure you've upgraded to the latest plugin code via your account.


WHM might be running ModSecurity which can block certain http methods that WebDav needs. This can be noticed when your WebDav client is authenticating fine but not listing any files. You may be seeing a "404 Not Found" error. To check for it:

1) Connect to your site using your WebDav client, such as CyberDuck.
2) Login to WHM and search for ModSecurity logs on the left.
3) Look for a recent error message similar to the following:

2016-05-06 10:40:19 CRITICAL 404 1234123435: Method is not allowed by policy
Request: PROPFIN /
Action Description: Access denied with code 501 (phase 2).
Justification: Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required.

4) If this exists, ModSecurity is indeed blocking WebDav. To fix it amend the relating ModSecurity rule to allow PROPFIN methods, or completely disable the rule altogether. The rule will look similar to the following:

# allow request methods
"phase:2,t:none,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'1234123435',tag:'POLICY/METHOD_NOT_ALLOWED'"

5) Ensure you rebuild & restart ModSecurity after the rule changes.

Blocked WebDav Methods:

Your server may be blocking the http methods required by WebDav. Run a test on SSH for check it:

curl -v -X PROPFIND

If you get:

405 Not Allowed

They are being blocked. Required methods DELETE|PROPFIND|PUT|GET|HEAD|POST|OPTIONS|REPORT

You Create Folders But Not Upload Files:

Run the same test as above via SSH:

curl -v -X PROPFIND

If you get:

Hostname was NOT found in DNS cache

Your server can't upload to itself due to a domain resolution issue. Ideally you should fix the resolution issue, alternatively update your /etc/hosts file to point your host at the local IP:

nano /etc/hosts localhost.localdomain localhost debian