Hiding WebDAV Directory Listings with Traefik

Created: 2025-06-06 02:48:42 | Last updated: 2025-06-06 02:48:42 | Status: Public

Problem

The bytemark/webdav:2.4 container shows directory listings to browsers by default, exposing file names publicly while still requiring authentication for file operations.

Solution

Override the Apache configuration to disable directory browsing while preserving WebDAV functionality.

Requirements

  • Portainer CE
  • Traefik v3
  • Shell access to Docker host

Implementation

1. Create Apache Configuration

SSH into your Docker host and create webdav.conf in your stack directory:

<VirtualHost *:80>
    DocumentRoot /var/www/html
    DavLockDB /var/lib/dav/DavLock

    <Directory /var/www/html>
        Options -Indexes
        Dav On
        AuthType Basic
        AuthName "WebDAV"
        AuthUserFile /etc/apache2/users.password
        Require valid-user
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

2. Update Docker Compose

Add the configuration file as a volume mount:

version: '3.8'
services:
  webdav:
    image: bytemark/webdav:2.4
    container_name: webdav_tf
    restart: unless-stopped
    environment:
      - AUTH_TYPE=Basic
      - USERNAME=your_username
      - PASSWORD=your_password
    volumes:
      - /mnt/your-data:/var/www/html:Z
      - ./webdav.conf:/etc/apache2/sites-available/000-default.conf:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.webdav.rule=Host(`your-domain.com`)"
      - "traefik.http.routers.webdav.tls.certresolver=letsencrypt"
      - "traefik.http.services.webdav.loadbalancer.server.port=80"
    networks:
      - traefik
networks:
  traefik:
    external: true

3. Deploy

Redeploy your stack in Portainer. The key change is the Options -Indexes directive, which disables directory browsing.

Result

  • Browser requests show 403 Forbidden instead of file listings
  • WebDAV clients continue working normally
  • Authentication still required for file operations
  • Private files remain hidden from casual browsing

Notes

  • WebDAV clients use PROPFIND/GET methods, not HTML directory requests
  • This approach maintains full WebDAV functionality while hiding directory contents
  • Configuration persists across container restarts
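
A post-deploy check for the Result and Notes lists above, as an added example that is not part of the original page: verdict maps each HTTP response to a pass/fail outcome, and probe runs it against your own deployment with curl. It goes one step past the page by also flagging an unauthenticated PROPFIND that returns 207, since that would expose file names even with browsing disabled. The function names and the BASE_URL, DAV_USER and DAV_PASS variables are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): verify the Options -Indexes change.
# BASE_URL, DAV_USER and DAV_PASS are assumed environment variables.

# verdict METHOD AUTHED(yes|no) STATUS BODY_FILE -> prints one outcome word
verdict() {
    v_method=$1 v_authed=$2 v_status=$3 v_body=$4
    case "$v_method:$v_status" in
        GET:200)
            # mod_autoindex pages carry an "Index of <path>" title; any other
            # 200 is a real document (for example an index.html in that folder).
            if grep -qi '<title>Index of ' "$v_body"; then echo FAIL-listing-exposed
            else echo OK-document-served; fi ;;
        GET:403) echo OK-listing-hidden ;;
        PROPFIND:207)
            # A 207 multistatus names the directory's entries, so it must be
            # reachable only with credentials.
            if [ "$v_authed" = yes ]; then echo OK-dav-works
            else echo FAIL-names-exposed-via-propfind; fi ;;
        *:401)
            if [ "$v_authed" = yes ]; then echo FAIL-credentials-rejected
            else echo OK-auth-required; fi ;;
        *) echo "CHECK-unexpected-$v_status" ;;
    esac
}

# probe BASE_URL: live check against your own deployment (needs curl).
probe() {
    p_base=$1
    p_tmp=$(mktemp)
    for p_spec in GET:no GET:yes PROPFIND:no PROPFIND:yes; do
        p_method=${p_spec%%:*}
        p_authed=${p_spec##*:}
        if [ "$p_authed" = yes ]; then
            p_code=$(curl -s -o "$p_tmp" -w '%{http_code}' -X "$p_method" \
                -H 'Depth: 1' -u "$DAV_USER:$DAV_PASS" "$p_base/")
        else
            p_code=$(curl -s -o "$p_tmp" -w '%{http_code}' -X "$p_method" \
                -H 'Depth: 1' "$p_base/")
        fi
        echo "$p_method auth=$p_authed -> $p_code $(verdict "$p_method" "$p_authed" "$p_code" "$p_tmp")"
    done
    rm -f "$p_tmp"
}

# Run the live probe only when BASE_URL is set, e.g. BASE_URL=https://your-domain.com
if [ -n "${BASE_URL:-}" ]; then probe "$BASE_URL"; fi
```

Any line starting with FAIL means the deployment does not match the Result list; CHECK lines need a manual look at the status code.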