Securing webdav w/Linux-apache2

I just got rid of Frontpage extensions for updating our website since it
will be EOL soon anyway. I am now making the switch to webdav and can
only seem to get it working insecurely.

When I try to lock it down as follows it does prompt for ID/password
when accessing web folders from the browser for our main website /.
However it also prompts for ID/password for regular access to our main
website /.

Anyone know how I can only set login/password just for webdav access for
the same webserver?

<Location />
DAV On
AuthType Basic
AuthName "WebDAV"
AuthUserFile /etc/httpd/davpasswd.dav
Require user admin
</Location>

thx

"Rock" <rock@ns> schreef in bericht
news:1119394392.744769@nntp.acecape.com...
> I just got rid of Frontpage extensions for updating our website since it
> will be EOL soon anyway. I am now making the switch to webdav and can
> only seem to get it working insecurely.

> When I try to lock it down as follows it does prompt for ID/password
> when accessing web folders from the browser for our main website /.
> However it also prompts for ID/password for regular access to our main
> website /.
>
> Anyone know how I can only set login/password just for webdav access for
> the same webserver?
>
> <Location />
> DAV On
> AuthType Basic
> AuthName "WebDAV"
> AuthUserFile /etc/httpd/davpasswd.dav
> Require user admin
> </Location>
Try
<limitexcept GET>
Require user admin
</limitexcept>
to not require authentication on normal retrieval of documents
Considering the tweaks needed to examine the _source_ of scripts, I think
you'll end up with an extra vhost -using https-.
http://httpd.apache.org/docs-2.0/mod...v.html#example

HansH