You can't disable WebDAV in Plone itself, it's tightly integrated in Zope.
Running WebDAV on another port would be okay, but using the webdav-address directive in buildout will only add an additional port on which Zope listens (webdav-source-server part in zope.conf). The existing port will still accept WebDAV traffic.
What you can do: Make your web server filter out the WebDAV commands. For nginx, this is done by adding
dav_methods off;
to the server block in your nginx.conf.
For Apache, see http://stackoverflow.com/questions/9127269/how-can-i-stop-people-accessing-a-plone-server-via-webdav Also note the "Access WebDAV" permission referenced in a reply to that question.
Other links that helped me:
http://opensourcehacker.com/2011/12/28/minimal-nginx-front-end-configuration-for-plone-on-ubuntudebian-linux/
http://wiki.nginx.org/HttpDavModule
(updated 2012-09-14 to replace limit_except with dav_methods, thanks Gil Forcada)
(2012-10-07: Developer manual updated, http://collective-docs.readthedocs.org/en/latest/serving/webdav.html)
No comments:
Post a Comment