PHP:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$logsfolder = "dav-logs";
$num = rand();
echo "<center><b>WebDAV testpage</center>";
file_put_contents($logsfolder."/".$ip."-".$num.".log", "WebDAV Access Log
-------------
The following IP address has tried to access WebDAV for possible harmful activity:
".$ip."
--------------");
What the PHP above does is log each time someone tries to access your webDAV directory.
In order for this to work you're going to need to edit 2 files. .htaccess & httpd-dav.conf
in C:\xampp\apache\conf\extra\httpd-dav.conf, replace the entire file with this code:
Code:
#
# Distributed authoring and versioning (WebDAV)
#
# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias
# mod_auth_digest, mod_authn_file
#
<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module>
<IfModule alias_module>
<IfModule auth_digest_module>
<IfModule authn_file_module>
# The following example gives DAV write access to a directory called
# "uploads" under the ServerRoot directory.
#
# The User/Group specified in httpd.conf needs to have write permissions
# on the directory where the DavLockDB is placed and on any directory where
# "Dav On" is specified.
DavLockDB "C:/xampp/apache/logs/Dav.Lock"
Alias /lolcats "C:/xampp/lolcats/"
<Directory "C:/xampp/lolcats">
Dav Off
Order Allow,Deny
Allow from all
AuthType Digest
AuthName "XAMPP with WebDAV"
# You can use the htdigest program to create the password database:
# htdigest.exe -c "C:\xampp\security\webdav.htpasswd" "XAMPP with WebDAV" wampp
AuthUserFile "C:/xampp/security/webdav.htpasswd"
AuthDigestProvider file
# Allow universal read-access, but writes are restricted
# to the admin user.
<LimitExcept GET OPTIONS>
require valid-user
</LimitExcept>
</Directory>
#
# The following directives disable redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with several clients that do not appropriately handle
# redirects for folders with DAV methods.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
</IfModule>
</IfModule>
</IfModule>
</IfModule>
</IfModule>
</IfModule>
Now navigate to your CMS directory, and create a file called webdav.php and put the php code provided (top of thread) in that and save it.
Now go into your .htaccess, and add this
Code:
RewriteRule ^webdav(|/)$ /webdav.php
and you're done.
PLANNED FOR NEXT VERSION:
- Alert in UberCMS housekeeping, via mysql.
- Ban user via hotel
- Ban user via .htaccess
- some easter eggs ;D