Deciding If and How to Disable WebDAV Access

Find out the options—and the caveats.

Paul Robichaux

February 27, 2005

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Is it possible to disable WWW Distributed Authoring and Versioning (WebDAV) access to Exchange Server 2003 systems?

Well, yes and no. Let me explain.

Microsoft IIS implements DAV in a DLL named HTTPExt.dll. Exchange 2003 and Exchange 2000 Server both support WebDAV by using a custom DAV implementation that lives in the DLLs DAVEx.dll and ExProx.dll. This separation makes it possible to disable WebDAV for IIS without disabling Exchange's WebDAV implementation. If that's what you're asking how to do, you can either set NTFS permissions that prevent the reading of HTTPExt.dll, or set the registry entry DisableWebDav, which the Microsoft article "How to disable WebDAV for IIS 5.0" (http://support.microsoft.com/?kbid=241520) describes. In either case, Exchange will be unaffected.

If you're trying to disable Exchange 2003's DAV implementation, be aware that Outlook Web Access (OWA) and several other Exchange components depend on DAV. By blocking specific DAV verbs at the network level (through a firewall) or by installing URLScan, you will break the Exchange DAV implementation. Make sure that the damage this will cause is worth whatever benefit you hope to gain.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like