Secure WEBDAV

Has any one been able to establish a WEBDAV connection to their NAS via HTTPS?  I can map the drive via HTTP however any attempts at mapping the drive via HTTPS fails.  The manual is no help at all on this one.

Thanks.

 Hi,

I havent try that personally.

Did you take a look at page 119 and 121 of the user manual about enabling the service?

Link to user manual

http://www.wdc.com/wdproducts/library/UM/ENG/4779-705119.pdf

I’m not familiar with it either, but I think, based on what I see in the manual, it might be for http only…port 8080 is usually http. I doubt the EX2’s firmware by default supports https. Not sure, but that’s my guess. Of course, if one understands how it works, they can find ways to hack the firmware to implement https :slight_smile:

Read the manual, no help.

If you look at the drop down list of predefined port forwards WEBDAV should function on 8080 as well as 4443.  It is my GUESS that 4443 is supposed to be for a secure connection.  It doesnt work.

WEBDAV is pretty standard and so is secure WEBDAV, its a shame that these features dont work.  This is really limiting the usefulness of this NAS.  Seagate just released thier SOHO solution, I may have to look at that for my next purchase.

I personally would pick a QNAP or Synology for my next pick, now that I have cut my teeth on an inexpensive NAS. Asustor isn’t bad either. Their firmwares seem to be more comprehensive suites. But be aware they all have issues. The good thing though is they all, just like WD, offer their firmware source code. I just need to actually make sure I can compile their firmware code and can figure out how things are designed in their firmware BEFORE I buy any of thei devices. Also, a visit to check out their user forums on their sites is a good idea - to get the feel of what kinds of issues there are.

I do admit, if I was’t a technical person, I’d probably not have discovered the bug with the FTP and either blamed it on WD (which would be accurate) or blamed my inexperience…either way a frustrating experience. But then again, most tech purchases even today have some learning curve…but it shouldn’t be as steep as it is on the EX2/EX4/Mirror to get basic things like FTP or secure WebDAV to work.

What I find troubling is that WD has been distinctly quiet and refrained from responding any any of your and mine FTP threads…lest their admission of a bug causes even greater complaints. I know they are looking to fix it…but both the long delay in getting a fix and their public silence is not very reassuring - though they have privately assured me that it will get fixed…eventually.

I agree with what you advise and with what you said. 

I also noticed that WD has several job openings for firmware design engineers on their web site.  I have to wonder if they are badly understaffed for some reason and unable to take time away from new product development to finish up what they have already released.  As a consumer thats one reason that I have begun to really hate the tech industry as a whole.  For some reason it has become acceptable to release products that are only 95% functional with the expectation being that they will finish up the other 5% later.  This is true of most software programs these days as well as hardware.  With proper QC and product testing there is no reason a product like this should ever had made it out the door.

OK, to be fair I just found this, and it may very well be the reason I cant get the secure WEBDAV to work.  I am running all 64 bit windows 8.1 and windows 7 machines so I cant test beyond that.  Long story short, it appears that the problem MAY be in my computers, NOT the WDEX2.  The following is copied from Wikipedia;

Microsoft introduced WebDAV client support in Microsoft Windows 98 with a feature called “Web folders”. This client consisted of an OLE object which could be accessed by any OLE software, and was installed as an extension to Windows Explorer (the desktop/file manager) and was later included in Windows 2000. In Windows XP, Microsoft added the Web Client service also known as the WebDAV mini-redirector [10] which is preferred by default over the old Web folders client. This newer client works as a system service at the network-redirector level (immediately above the file-system), allowing WebDAV shares to be assigned to a drive letter and used by any software. The redirector also allows WebDAV shares to be addressed via UNC paths (e.g. http://host/path/ is converted to \host\path) for compatibility with Windows filesystem APIs. Some versions of the redirector are reported to have some limitations in authentication support. [11] In addition, WebDAV over HTTPS works only if a computer has KB892211-version files or newer installed. Otherwise Windows displays “The folder you entered does not appear to be valid. Please choose another” when adding a network resource. NOTE: 892211 has been superseded by KB907306. Windows Vista includes only the WebDAV redirector, but if you install a version of Office, Internet Explorer, OLE-DB or “Microsoft Update for Web Folders” you will get the original “Web folders” client. The update will only work on the 32-bit version of XP/Vista. [12] Microsoft states that 64 bit versions of Windows will never support the “Web folders” client. Instead users are limited to using WebDAV via the native Web Client service redirector. [13]

Hmm…thanks for clearing that up about secure WebDAV. I myself never used it or felt the need to use it…been using FTP since '95 and find it adequate for my needs.

I got this to work using a third-party application.  It’s called Netdrive and it allows you to map drives to letters using WebDAV, and SFTP.  there is a tick box to select SSL for the WebDAV and then you simply identify your port.  It worked like a charm and there is a free 30-day trial.  I have not bought it yet, but for $40, I probably will.

Another cool thing it does is allow you to map drive letters to OneDrive and Dropbox. 

Thanks for reporting this. I just checked Netdrive’s website out. Although $40 is reasonable, but I think for many folks who might have more than just one user, the cost can quickly multiply if they are required to buy 3, 4, 5 or more licenses depending on their needs.

Besides WebDAV client, the other features of Netdrive like an SFTP and FTP client are already available for free. I particularly like the popular, free, open-source FileZilla for that and have used it for years. And for all the other stuff that NetDrive offers, Google, Microsoft, Dropbox, etc. already provide free Windows clients that let you map drive letters in Windows Explorer. I personally just prefer to use my browser for my GoogleDrive and OneDrive accounts, since I don’t need a mapped drive most of the time.

Vertech1 - while doing a quick research for WebDAV, I came across this link. I don’t know if this will help you with your issues with Windows 7’s & 8.1’s WebDAV client implementation using HTTPS. I am sure you’ve done your own research when investigating this but thought I’d share it anyway, in the off chance that you didn’t see this somewhere.

http://www.webdavsystem.com/server/prev/v2/documentation/authentication/basic_auth_vista

Edit: Editing this post to paste the contents of that link here directly, for both convenience and in case that link ever becomes unavailable, folks can still find the info here. Contents from above link pasted below:
When developing Basic authentication and using Windows 7 & Vista as a WebDAV client note the following:

Windows 7 and Vista will fail to connect to server using insecure Basic authentication. It will not even display any login dialog. Windows 7 and Vista requires SSL / HTTPS connection to be used with Basic. If you try to connect via Add Network Location Wizard you will get the following error: “The folder you entered does not appear to be valid. Please choose another”. However you still can connect if you set the following registry key on a client machine: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\BasicAuthLevel to 2. The BasicAuthLevel can be set to the following values:
0 - Basic authentication disabled
1 - Basic authentication enabled for SSL shares only
2 or greater - Basic authentication enabled for SSL shares and for non-SSL shares
Unlike Windows XP WebDAV client, Windows Vista may attach a machine or domain name to the user name returned in Authorization header. It separates user name and domain with a single ‘\’ symbol: DOMAIN\User. Make sure you extract the user name correctly from Authorization header.

2 Likes

Cybernut1,

The article you posted seems to have cured my secure access problem via WEBDAV.   I still feel like we are having to jump through too many hoops to be able to access our data remotely with this drive and wish WD would fix the bugs concerning FTP and provide a more secure browser only access option.  (I dont like to open up the admin panel to web access.)

Thanks for your help Cybernut1!

Great! Glad that worked out for your WebDAV issue :slight_smile:

And to TeleRoy’s post about Netdrive, this now eliminates any reason to pay for any software like Netdrive when all the different things that Netdrive does is available for free already.

1 Like

I’m reviving this because Cybernut sent me here…

So, my aim is to access my MCEX2 shares via File Explorer (Win 8.1) from outside my home LAN (from any internet access out there).

Could Webdav be the solution?

I know I can use a Webdav address to map a network drive/share in File Explorer, but how should I map it to access it from outside my LAN?

Is there any particular setting in the dashboard I should be aware of? (Port forwarding is not a big issue for me…).

Second question: let’s say I have properly mapped my shares using webdav so that i can access them even from outside my LAN, when I am on my LAN will I still access them via internet or straight from the device? (with a VPN service everything was simpler, since I would access always the same folders, via VPN when outside my LAN, without VPN when inside my LAN).

Thanks for any help!

Nicolapizza - from what I can gather, though I might be wrong as I still can’t get it to work, webDAV should be what you need and you should only need to open port 8080 and make the registery change as mentioned by Cybernut1.

However, I can get webDAV folders to load fine using third-party software I still can’t get any windows machine (LAN and WAN) to work.  Still receiving the ‘folder you entered does not appear to be valid’ message.

I have tried setting registry change to 2 as suggested and 0, used LAN and WAN IP addresses, windows 7 and 8 pcs, ‘map a network drive’ and ‘add network location’ - none managed to get a single one to work.  With the former I get to the sign in staged but despite putting in correct details (also tried putting a \ at the front of username) but after three attempts fails to ‘folder you entered…’.  With the latter just straight away receive ‘folder you entered…’ upon hitting next - no load time or anything.

I am putting network address as http://[my.ip]:8080/[name of folder]. 

Am I doing something wrong or there something I have missed out - been trying to get this to work for five days now and it’s doing my head in.  Only got 25 days left of my NetDrive free trial and don’t fancy paying £30 per PC for something that should work anyway without it. 

I tried numerous times to get secure WebDAV working and have followed everything in the WD Community and nothing I found worked for me (on a Windows PC - Windows Vista, 7, 8.1 and 10). When I did get it working I didn’t need to make any registry edits, update any drivers or purchase any software (and it worked on each Windows version listed above). The issue I found to be strictly with Windows and no special configuration needed to be made to the My Cloud EX2 (other than the standard WebDAV settings).

In short Windows requires that you use a DNS name instead of an IP address to map a drive with WebDAV.

Here is what I did to get it to work:

  1. Turn on the WebDAV service on the Settings|Network page. I didn’t bother with the Port Forwarding settings on this page as it attempts to use UPnP to make the changes automatically in the router and that didn’t work for me so I didn’t use those settings.

  2. On the Shares page I turned WebDAV on for the share I wanted to be accessible.

  3. Since I still needed to setup up Port Forwarding I manually set that up in the router. I setup both 8080 (for http) and 4443 (for https) in the router. I am not going to explain that as it is defined in many places on this WD Community.

At this point you can access the drive using WebDAV from the local network.

The key thing to note is that Windows doesn’t like using IP addresses for the drive mapping. It does seem to allow it for http but definitely NOT for https.

  1. Select Map Network Drive from File Explorer. For the Folder path you will want to define it using one of the two methods below:

    http://CloudName:8080/ShareName
    https://CloudName:4443/ShareName

Where:

  • CloudName will need to be the name of your cloud device - You can get it from the Settings|General page, it is the Device Name field.
  • 8080 or 4443 will be the port number to use for the local network (no matter what definition you made in port forwarding).
  • ShareName will be the name of the share you made accessible to WebDAV. You could also add a subfolder to the share name if desired. i.e.: /ShareName/Test/User1

If the Share is not a Public share you will also need to provide the credentials for the user that has access to the share by selecting to Connect using different credentials before mapping the drive.

An alternative to using the Map Network Drive is to use the net use command at the DOS Prompt instead.

C:\>net use * https://CloudName:4443/ShareName /user:userid password

/user:userid password is optional if you are accessing a Public share.
The http string above can be used instead of the https string if you don’t want to use secure WebDAV.

If you want to access the drive externally using WebDAV or secure WebDAV you will need to do the following:

http access doesn’t seem to care but https requires a DNS name for the drive. The easiest way to do this (if you have authority) is to make an entry in the remote computer’s hosts file.

  1. You will need to determine your external IP address (google how to do this if needed).
    Edit the following file: C:\Windows\System32\drivers\etc\hosts

Add a line similar to the following (this example assumes your external IP address is 65.31.100.34):
65.31.100.34 myhouse

You can use whatever label you want instead of myhouse. (Edited) based on further testing do not add a period to the label you use - for example do not use myhouse.com (End of Edit)

  1. Select Map Network Drive from File Explorer. For the Folder path you will want to define it using one of the two methods below:

    http://DNSName:8080/ShareName
    https://DNSName:4443/ShareName

Where:

  • DNSName will need to be the name you defined in the hosts file. In this example it would be myhouse.
  • 8080 or 4443 will be the port number to use unless you forwarded different ports in your router with port forwarding. i.e.: if you forwarded 1080 for 8080 then you would use 1080 instead of 8080.
  • ShareName will be the name of the share you made accessible to WebDAV. You could also add a subfolder to the share name if desired. i.e.: /ShareName/Test/User1

If the Share is not a Public share you will also need to provide the credentials for the user that has access to the share by selecting to Connect using different credentials before mapping the drive.

An alternative to using the Map Network Drive is to use the net use command at the DOS Prompt instead.

C:\>net use * https://DNSName:4443/ShareName /user:userid password

/user:userid password is optional if you are accessing a Public share.
The http string above can be used instead of the https string if you don’t want to use secure WebDAV.

Again swap 4443 with a forwarded port if you defined a different port.

Hopefully this helps.

Glad you got it working…BUT…I don’t know why you claim that:

Others HAVE gotten it to work with just an IP address. I am not sure why it didn’t work for you…but IP address DID work for others. So thanks for proposing a alternate solution - BUT your assertion about IP address not working with WebDAV is not accurate. And we already did mention that the issue was not an EX2 issue but a Windows issue, in case you missed that :slight_smile:

It is possible though with changes in the EX2 firmware something may have changed, but I know for a fact (and it can be verified by googling) that WebDAV does indeed work with IP addresses. So to other users stumbling upon here…please see my above recommended solution that has been verified to work as an alternate to the solution posted immediately above.

I didn’t mean to suggest DNS names are a WebDAV requirement but rather a peculiarity between Windows and WD NAS’. I have also gotten IP addresses to work with the WD drives but only sporadically. And when I say sporadic I mean once in about 300 times. And I have seen numerous people still post that it isn’t working for them. Maybe it is a Windows policy, browser setting or antivirus setting that is affecting people differently.

I saw a post stating a DNS name was a requirement for the My Book Live which is what led me to try it. (and I think this was a WD response stating the requirement and a recommendation to use Dynamic DNS)

I took a brand new Windows 10 machine and setup the EX2 per WD’s directions and made a hosts file entry on the Win10 machine to fake a DNS name and it worked immediately (and repeatedly) without having to make a registry change, purchase software or update any drivers. And I proved this on five different machines, each at different locations. Without the hosts entry it fails every time (at least for https). The recommendations in what is considered the verified solution failed on the new Win10 machine as they have for me since the first time I read it. Sorry, but IMHO I simply have no confidence in that solution. Maybe someone else that has that solution working can chime in about there experience.

I don’t mean to sound combative but am simply offering a recommendation for anyone else that has not been able to get it to work [consistently] with the previously mentioned verified solution. My recommendation is very simple (use a hosts file entry on the remote machine). And no other change is needed. At the very least (as you have also pointed out) these are alternatives and it simply gives others something to try.

To be honest I don’t think either of us have found the true solution but rather work arounds to get something to work that should “just work” out of the box.

Hey, I understand and didn’t at all take it to mean combative. And hopefully you understand, neither am I :slight_smile: I am simply trying to post the correct info here for the benefit of other future readers.

But I disagree that mine was a workaround. It was really a fix for a Windows-issue that have been reported to work for several people, some who have not commented on this thread but privately messaged me.

I believe the biggest issue with your setup based on what I have read, is that you never assigned static IP address on your router for the EX2. That is usually the symptom for the IP address working only once out of 300 times…and the fact that you had to resort to hosts file editing. You wouldn’t need to do any of that if you setup a fixed IP for the EX2 on your router (aka DHCP reservation…ie. setting aside an IP on the router itself from the pool of DHCP address it uses based on the EX2’s MAC address). Did you set up a fixed IP on your router?

Thanks – I appreciate the response.

Actually I do have static IP’s assigned. That is the first thing I do with my equipment. I have a My Book World, My Book Live and two EX2’s. I can access them with IP’s for everything but secure WebDAV. The weird thing is http WebDAV works with IP addresses (internal and external access) but https for me requires a DNS name (for either internal or external). And as I have said it is the same for Win Vista, Win 7, Win 8.1 and Win 10. It really seems like a default Windows security type issue. Others that have gotten it to work with your approach may have tried other things before using your approach which may have complimented your approach. Otherwise the only other thing that maybe could be affecting me is my router. I have had multiple routers over the years that I have been trying to get this to work but they have all been LinkSys routers. It would seem REALLY hard to believe it is the router but you just never know.

My concern is that it is believed that this is resolved and yet I have not been able to get this working for several years. I just accepted it didn’t work. Every now and then I would try it again and just get disgusted. I see other people that have posted that they couldn’t get it working either and said they were going to purchase another vendor’s hardware. I have a long history with WD hardware and it would take a lot for me to go elsewhere. When I finally found the post about a DNS name being required for the My Book Live and tried it I could not believe it was that simple. And when I tested it with success on a brand new Win 10 pc and your approach still failed on the new Win 10 pc it seemed to confirm to me that your approach is not the full resolution. Also after testing this with 5 different Windows pc’s and your approach failing 100% on all five and my approach succeeding 100% on all five I felt the need to post my approach.

I as a consumer have wanted to get this working for years and as well want others to have additional options to try.