MORE INFORMATION

Because WebDAV is an extension to the HTTP protocol, the concept of disabling WebDAV verbs is like disabling native HTTP verbs such as GET, POST, and so forth. This article describes the process to use to disable WebDAV for those extreme cases in which a Web administrator does not want any WevDAV functionality at all.

Note WebDAV functionality on an IIS 5.0 Web server is made possible through the Httpext.dll file, which is always installed. Simply renaming Httpext.dll will not work because the new Windows File Protection (WFP) functionality in Windows 2000 prevents the corruption or deletion of certain system files. For more information on WFP, search Windows 2000 Help for "Windows File Protection".

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
The registry value and necessary file updates were first introduced in the Windows 2000 Security Rollup Package 1 (SRP1). For additional information about SRP1, click the following article number to view the article in the Microsoft Knowledge Base:

To completely disable WebDAV including the PUT and DELETE requests, make the following changes in the registry.

1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following key in the registry:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters

3. On the Edit menu, click Add Value, and then add the following registry value:

   Value name: DisableWebDAV
   Data type: DWORD
   Value data: 1

4. Restart IIS. This change does not take effect until the IIS service or the server is restarted.

Note Because the Internet Database Connector (IDC) script mappings support the OPTIONS verb, you may notice HTTP 200 OK notifications in the IIS 5.0 Web logs after you add the DisableWebDav subkey.