What is WebDAV and how does the protocol work?
WebDAV is a transfer protocol that allows files or entire directories to be made available over the internet and transferred to different devices. In this article, we explain what the protocol is, what its advantages are, and which alternatives to WebDAV are available.
- KVM based dev servers for developers
- Scalable to enterprise cloud level
- Pay-as-you-go, per-minute billing
What is WebDAV?
The WebDAV protocol was developed by the IETF (Internet Engineering Task Force). It was initiated by Jim Whitehead, who founded the corresponding working group in 1996 following a meeting with Sir Tim Berners-Lee, the inventor of the World Wide Web. Berners-Lee originally envisioned the web as a medium where content could not only be read but also edited by everyone. Because such editing capabilities could not be realized with the original set of web protocols, Whitehead and Berners-Lee jointly developed the concept behind WebDAV.
The first version of the protocol was published in 1999 as RFC 2518. The current version is defined in RFC 4918.
WebDAV is a network protocol whose name stands for Web-based Distributed Authoring and Versioning. It enables files to be made available and transferred over the internet. WebDAV is an extension of the Hypertext Transfer Protocol (HTTP) and is also compatible with newer protocol versions such as HTTP/2 and HTTP/3. These protocols form the basis for delivering and displaying web content.
How does the WebDAV protocol work?
To transfer data using WebDAV, both the client and the server must support the protocol. As WebDAV is an established standard, most common web servers provide a suitable implementation. In addition, many operating systems, including Windows (since XP), macOS, and Linux, offer built-in support for file transfers via WebDAV.
On Windows systems, no additional software or drivers are required to use WebDAV. A WebDAV connection can be set up directly in File Explorer, where the server is then displayed like a local drive. This allows users to open, edit, delete, and save files on the server in the same way they would work with files stored on their own computer. As a result, WebDAV enables real-time access to cloud-based or remote files without the need to download them locally, edit them separately, and upload them again afterward.
Core features of the WebDAV protocol
- Property management: WebDAV allows metadata for files and directories to be stored, read, and modified, including information such as the author, modification date, or custom properties.
- Namespace management: Files and directories can be copied, moved, created, and deleted within the server’s URL namespace, similar to a traditional file system structure.
- Locking: WebDAV supports resource locking to prevent multiple users from editing the same file simultaneously and unintentionally overwriting each other’s changes.
- Collections: WebDAV uses the concept of collections, which are comparable to directories in a file system. This makes it possible to organize and manage groups of related resources together.
- Versioning (via the Delta-V extension): The Delta-V extension adds version control to WebDAV, allowing different versions of resources to be tracked, managed, and restored if needed.
Setting up WebDAV on the server
Setting up a WebDAV connection depends on the provider. In most cases, access management or a dedicated login is configured on the server, which can then be used to transfer files via the protocol. In addition to a username and password, the required connection details usually include the server’s IP address or host name. Native browser support for WebDAV is often limited, however, and may require additional plugins, extensions, or dedicated apps.
Setting up a connection to a WebDAV server on Windows
On Windows, setting up a connection to a WebDAV server is relatively straightforward. Proceed as follows:
- Open File Explorer.
- Right-click “This PC” and select “Add a network location.”
- Click “Choose a custom network location” and enter the WebDAV server URL.
- Click “Next.”
- In the window that opens, enter your login details and confirm them to complete the setup process.
- Under “This PC,” you should now see, among other things, the newly set up access option for the WebDAV server.
In current Windows versions such as Windows 11, WebDAV support is still available, but it is no longer enabled or installed by default. On Patch Tuesday in June 2025, Microsoft fixed a critical vulnerability in the WebDAV implementation (CVE-2025-33053). Through this remote code execution vulnerability, attackers could use manipulated WebDAV URLs to execute malicious code remotely. The vulnerability affects many Windows versions and has a high severity rating. Installing the security updates released for this issue is therefore absolutely essential so the service does not remain vulnerable.
What are the benefits of the WebDAV protocol?
Because WebDAV is built on HTTP, it also uses the standard HTTP port 80 for transfer, which is usually not blocked by firewalls. With alternative transfer methods such as FTP or SSH, additional ports often need to be opened in the firewall settings. This not only increases configuration effort, but also introduces additional security risks. With transfers via WebDAV, data security is generally not affected by such issues when appropriate measures (encryption and authentication) are in place. In addition, because the extra setup effort is eliminated (especially since a WebDAV server can be easily integrated into an existing HTTP server), the responsible system administrators also save a lot of time and effort.
WebDAV does not include built-in encryption or access control, which means connections are not automatically secured without additional safeguards. To use WebDAV safely, connections should be established over HTTPS and protected with strong server-side authentication to ensure that data and login credentials are encrypted during transmission. Without these measures, transmitted content may be exposed in plain text and become vulnerable to interception or attacks.
In addition, security risks can arise from improperly configured WebDAV servers. Regular updates, strong passwords, restricted access rights, and timely security patches are therefore essential to protect against known vulnerabilities and exploits that specifically target WebDAV functionality.
Overview of WebDAV server and client support
Which servers and clients are compatible with the WebDAV protocol? The following list provides an overview.
Servers that support the WebDAV protocol
- Apache HTTP server: various WebDAV modules that are optionally based on the Linux tool davfs2 or the Apache Subversion (SVN) version control system
- Microsoft IIS: its own WebDAV module
- NGINX: its own, very limited WebDAV module, or the option to obtain a third-party module
- SabreDAV: a PHP application that can be used in Apache or NGINX as a WebDAV add-on instead of the bundled modules
- ownCloud: cloud storage application with full WebDAV support
- Nextcloud: an ownCloud fork that also offers WebDAV support
- lighttpd: optional module available
- Caddy: optional module available
Modern cloud and file system solutions now offer WebDAV as one of many different interfaces.
Clients that support the WebDAV protocol
- Linux
- davfs2
- macOS (including native support for CalDAV and CardDAV, which are built on WebDAV)
- Microsoft Windows
- File Explorer / macOS Finder
- Cyberduck
What alternatives are there to WebDAV?
WebDAV is part of the internet protocol family. The alternatives to the WebDAV protocol are listed below.
- Cloud API-based solutions: Cloud APIs are interfaces that allow applications and services to exchange data and functions in the cloud without users having to manually download or upload files.
- SMB / NFS over VPN: Protocols such as SMB (Server Message Block) and NFS (Network File System) are traditional network file-sharing systems that can be used over a VPN so remote clients can securely access remote file shares as if they were on the same local network.
- REST / GraphQL APIs: REST and GraphQL APIs are modern web interfaces that allow applications to exchange data in a targeted way via HTTP requests.
- FTP (File Transfer Protocol): Simple network protocol that enables the transfer of files in computer networks; can be combined with SSL/TLS (FTPS) for secure data traffic
- SSH File Transfer Protocol (SFTP): Extension of FTP via the Secure Shell (SSH) protocol, which adds additional secure file transfer features to the transport protocol
- rsync: Protocol and tool for synchronizing files
- AtomPub: HTTP-based protocol for creating and updating web resources
- Content Management Interoperability Services (CMIS): Open standard that enables different content management systems to exchange information over the internet.


