Thursday, 7 February 2013

Windows WebDAV Double Authentication 401 Requets

Speed up trick for Windows 7 WebDAV Client

One way to conveniently develop remotely with Eclipse + PyDev is to run WebDAV on the remote server and map it as a networked drive in Windows (PyDev over Eclipse Target Managmenet does not play nicely). WebDAV works rather well except it is not the fastest especially on initial project creation /project refreshing and if your share is protected with a username/password; below is how I improved the performance.

Apparently by protocol design and due to security Windows 7 client does not cache it's authentication and so on each request first an anonymous attempt is made followed by an authenticated one:

...
72.38.184.18 - - [22/Jan/2013:23:05:04 +0000] "PROPFIND /Files HTTP/1.0" 401 751
72.38.184.18 - username [22/Mar/2011:23:05:04 +0000] "PROPFIND /Files HTTP/1.0" 301 495
72.38.184.18 - - [22/Jan/2013:23:05:04 +0000] "PROPFIND /Files/ HTTP/1.0" 401 751
72.38.184.18 - username [22/Mar/2011:23:05:04 +0000] "PROPFIND /Files/ HTTP/1.0" 207 1175
72.38.184.18 - - [22/Jan/2013:23:05:07 +0000] "PROPFIND /Files HTTP/1.0" 401 751
...

After a bit of research I was able to implement a work around, allow anonymous access to the PROPFIND requests which are mainly used for directory listings and authenticated access for everything else. Refreshing a python/djagno project will take half as long for example 21876 files took 11 minutes with no authentication vs 21 with authentication

## Development HTTP Site
<VirtualHost *:80>
  ServerAdmin FOO@FOO.com
  ServerName development.FOO.com
  ServerAlias www.development.FOO.com

  # Log file location and settings; logs within project is ok as long as 'links' are made to system 'var/log/apache'
  ErrorLog /var/log/apache2/development.FOO.com-error.log
  CustomLog /var/log/apache2/development.FOO.com-vhost_combined-access.log vhost_combined

  # Canonical to always strip www - see: http://stackoverflow.com/questions/88011/make-apache-automatically-strip-off-the-www
  RewriteCond %{HTTP_HOST} ^www\.(.+)$
  RewriteRule ^(.*)$ ${SERVER_PROTOCOL}://%1/$1 [R=301,L,NC]

  # Authenticated access for the development site version - because without this Google will find you!
  # Just in case we also prevent serving of the password logins file if it is stored in a serving folder.
  Redirect /apache-logins.htdigest http://development.FOO.com
  <Location />
    AuthType Digest
    AuthName "development.FOO.com"
    # AuthDigestDomain which urls (and any under it) this applies - should match location
    AuthDigestDomain /
    AuthDigestProvider file
    AuthUserFile /srv/www/django/development.FOO.com/apache-logins.htdigest
    # uncomment the LimitExcept to receive a small boost for non caching Windows WebDAV client by allowing
    # anonymous directory listing; see http://serverfault.com/questions/250578/webdav-and-windows-7-client
    <LimitExcept PROPFIND>
     Require valid-user
    </LimitExcept>
  </Location>

  WSGIProcessGroup development.FOO.com
  # You can further limit processes, threads and set a inactivity-timer so deamon get unloaded
  WSGIDaemonProcess development.FOO.com display-name=%{GROUP}
  WSGIScriptAlias / /srv/www/django/development.FOO.com/apache-django-development.wsgi

  # Serve static / media files through apache instance and alias/map them to specific urls. to maximize security
  # `Options -Indexes` is enabled to prevent directory listing
  Options -Indexes
  Alias /robots.txt /srv/www/django/development.FOO.com/src/django-project/static/robots.txt
 #Alias /sitemap.xml /srv/www/django/development.FOO.com/src/django-project/static/sitemap.xml
  Alias /favicon.ico /srv/www/django/development.FOO.com/src/django-project/static/favicon.ico
  Alias /media /srv/www/django/development.FOO.com/src/django-project/static/
  Alias /static /srv/www/django/development.FOO.com/src/django-project/static/

</VirtualHost>

Hope this helps you out, feel free to follow me on twitter or google plus: @danielsokolowski and +1 this.