WEBDAV authentication for Office docunments on SSL enabled sites

As explained in my post related to the Webdav authentication issue using IE for Office documents on Windows 7, I found that the fix will not work for SSL enabled sites. To support HTTPS you will have to add the following lines in /etc/httpd/conf.d/ssl.conf file.


<VirtualHost>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(OPTIONS|PROPFIND)$ [NC]
RewriteRule ^.*$ – [F,L]
</VirtualHost>

Restart httpd

To generate an SSL certificate you can use OpenSSL library

Solving the authentication problem while opening Office documents hosted on Apache in IE8/IE9 on Windows 7

We were facing a problem in IE 8/9 on Windows 7 while accessing  Office 2007/ Office 2010 documents hosted on apache/Cent OS 4.6. After some analysis I found the reason and finally ended in a fix. See below my findings and solution. Hope this helps:

The main issue is with the Microsoft’s way of implementing Webdav protocol for accessing web content through Microsoft Web Client. When we click on a Office document then web client  sends HTTP /1.1 OPTIONS Request header to server to check the WebDav communication (My server doesn’t have WebDav). In response Apache return 200 OK Response header to Web Client which results in prompting the authentication screen by Windows 7.  Well you have option in IE to pass the authentication login automatically but that would be security breach as you will be exposing your machine authentication to internet so I would not prefer that. Best way is to configure Apache to reject these request. This is how i have solved. These changes needs to be done in httpd.conf file in /etc/httpd/conf folder (Cent OS 4.6)

# One way to doing it – Deny access based on request method


RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(OPTIONS|PROPFIND)$ [NC]
RewriteRule ^.*$ - [F,L]

# Another way to implementing – Deny acess based on user agent (Vista and Windows 7 used same user agent with different version so this Regx shall work for both

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Microsoft-WebDAV-MiniRedir
RewriteRule ^.*$ - [F,L]

Explanation on Flags:

1. [F] flag causes the server to return a 403 Forbidden status code to the client.

2. Use of the [NC] flag causes the RewriteRule to be matched in a case-insensitive manner. That is, it doesn’t care whether letters appear as upper-case or lower-case in the matched URI.

3. The [L] flag causes mod_rewrite to stop processing the rule set. In most contexts, this means that if the rule matches, no further rules will be processed. This corresponds to the last command in Perl.

 Some References:

Microsoft knowledge article on authentication requests from office documents 

Apache mod_rewrite rule documentaion

fiddler tool for debugging HTTP requests