WebDAV Explanation
WebDAV Explanation
When IIS is installed, a web service extension called WebDAV is installed but left inactive by default. The purpose of this is to allow document sharing over a web pipeessentially you can enable folders to show up in your Windows "My Network Places" and open/update/create/delete files as if they were in a normal operating system folder. This feature has some notoriety in the industry as the source of many security issues, and in general, no one wants to turn it on. As a second layer of security, you may have installed the "URLScan" utility. This is a security utility Microsoft provides to further reduce possible attacks on a web server. It does this by actually scanning incoming URLs and blocking those that match certain patterns or contain certain types of requests (standard HTTP requests are things like "GET" or "POST", while WebDAV would enable additional verbs, such as the "PROPPATCH" verb shown in Bookshelf). Therefore, you could turn on WebDAV, if you were so inclined, which might enable handling for 10 such requests (a.k.a. verbs) but then use URLScan to block certain ones (minimizing potential security holes). If you did all this, when a WebDAV call comes in, URLScan will get a shot at blocking it, and may or may not, depending on your settings. If it gets through, then it will get passed off to the WebDAV handler, which is a DLL (httpext.dll), which will do something with the request.
Server Name>/exchange into your browser, it will get re-directed to a Client Access Server OWA URL. However, davex.dll (which handles DAV requests for the Mailbox Server) does not redirect for non-browser WebDAV requests. It handles them locally on the mailbox server. Our SSSE components issue WebDAV requests to directly to the Mailbox Server, which handles them locally as described above and does not redirect to a Client Access Server.