• 8 years

    1 year

    YetiShare / Core


WebDav Plugin Troubleshooting

CloudFlare HTTPS:

On certain WebDav clients the free CloudFlare HTTPS certificate doesn't validate WebDav wont work. You will need to either purchase an SSL certificate for your WebDav domain or use non-https via the plugin settings above.

In addition, if you're using external file servers on CloudFlare https, all servers will need Curl v7.36+ for ECC 256 bit SSL (minimum used by CloudFlare). You can install it on CentOS using the following command: (if this url is no longer available, check here for the latest)

rpm -Uvh
yum install libcurl

After, restart your webserver and PHP (if using php-fpm). Test by trying to connect to your site, like this:

curl -1IsS

Plesk, WHM/cPanel, CentOS CP Users:

You may have issues connecting via a WebDav client. These control panels can play with the authentication header so the script wont recognise the submitted username and password by default. To allow for this, edit the root .htaccess and change the last line to:

RewriteRule ^(.*)$ index.php?_page_url=$1 [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]

If you can't see this file ensure you've upgraded to the latest plugin code via your account.

Apache 403 Issues - Authenticates But No File Listing:

Ensure Apache hasn't restricted access to allowed http methods. In some config files (like /usr/local/apache/conf/extra/httpd-userdir.conf) you may see:

Require method GET POST OPTIONS

This only allows these 3 http methods. Either comment out or amend this line to the following and restart Apache.



Apache 403 Issues - "AH10411: Rewritten query string contains control characters or spaces" in Logs

Ensure your .htaccess file in the root of the script has the [B] modifier on the last line. Like this:

RewriteRule ^(.*)$ index.php?_page_url=$1 [QSA,B]



404 Issues:

Try comment the following line within - \plugins\webdav\site\control\.htaccess

#AuthType Digest

If you can't see this file ensure you've upgraded to the latest plugin code via your account.


WHM might be running ModSecurity which can block certain http methods that WebDav needs. This can be noticed when your WebDav client is authenticating fine but not listing any files. You may be seeing a "404 Not Found" error. To check for it:

1) Connect to your site using your WebDav client, such as CyberDuck.
2) Login to WHM and search for ModSecurity logs on the left.
3) Look for a recent error message similar to the following:

2016-05-06 10:40:19 CRITICAL 404 1234123435: Method is not allowed by policy
Request: PROPFIN /
Action Description: Access denied with code 501 (phase 2).
Justification: Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required.

4) If this exists, ModSecurity is indeed blocking WebDav. To fix it amend the relating ModSecurity rule to allow PROPFIN methods, or completely disable the rule altogether. The rule will look similar to the following:

# allow request methods
"phase:2,t:none,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'1234123435',tag:'POLICY/METHOD_NOT_ALLOWED'"

5) Ensure you rebuild & restart ModSecurity after the rule changes.

Blocked WebDav Methods:

Your server may be blocking the http methods required by WebDav. Run a test on SSH for check it:

curl -v -X PROPFIND

If you get:

405 Not Allowed

They are being blocked. Required methods DELETE|PROPFIND|PUT|GET|HEAD|POST|OPTIONS|REPORT

Potential Fix (Ubuntu):

sudo apt-get install nginx-extras
sudo systemctl reload nginx

Edit /www/server/nginx/conf/nginx.conf, in the "/" location block add:


$ sudo service nginx restart


File Listing But Downloads Not Working:

Ensure you've upgraded to the latest webdav plugin code and enable the 'allow_url_fopen' setting in your php.ini file.

You Create Folders But Not Upload Files:

Run the same test as above via SSH:

curl -v -X PROPFIND

If you get:

Hostname was NOT found in DNS cache

Your server can't upload to itself due to a domain resolution issue. Ideally you should fix the resolution issue, alternatively update your /etc/hosts file to point your host at the local IP:

nano /etc/hosts localhost.localdomain localhost debian