Internet Information Services (IIS) version 5.x
supports the Distributed Authoring and Versioning (DAV) extensions to the HTTP
protocol as defined in RFC 2518. By default, the entire Web space of IIS is
capable of responding to WebDAV requests (even though the security settings
will not allow publishing by default).
This article details the
process for disabling WebDAV for an entire IIS 5.x
Because WebDAV is an extension to the HTTP protocol, the
concept of disabling WebDAV verbs is like disabling native HTTP verbs such as
GET, POST, and so forth. This article describes the process to use to disable
WebDAV for those extreme cases in which a Web administrator does not want any
WebDAV functionality at all.Note
WebDAV functionality on an IIS 5.x
Web server is made possible
through the Httpext.dll file, which is always installed. Simply renaming
Httpext.dll will not work because the new Windows File Protection (WFP)
functionality in Windows 2000 prevents the corruption or deletion of certain
system files. For more information on WFP, search Windows 2000 Help for
"Windows File Protection".Important
This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
How to back up and restore the registry in Windows
The registry value and necessary file updates
were first introduced in the Windows 2000 Security Rollup Package 1 (SRP1).
For more information
about SRP1, click the following article number to view the article in the Microsoft Knowledge Base:
Windows 2000 Security Rollup Package 1, January 2002
To completely disable WebDAV including the PUT and
DELETE requests, make the following changes in the registry.
- Start Registry Editor (Regedt32.exe).
- Locate and click the following key in the registry:
- On the Edit menu, click Add Value, and then add the following registry value:
Value name: DisableWebDAV
Data type: DWORD
Value data: 1
- Restart IIS. This change does not take effect until the IIS
service or the server is restarted.
Because the Internet Database Connector (IDC) script mappings support the OPTIONS
verb, you may notice HTTP 200 OK notifications in the IIS 5.x
Web logs after you add the DisableWebDav subkey.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Malformed WebDAV request can cause IIS to exhaust CPU resources