Are WebDAV requests HTTP GET requests? Or are they PUT?
I ask because there might be a way to filter public access with a reverse-proxy to certain URLs (with, for example, a Squid redirector). Whether or not this kind of thing would work for certain types of WebDAV traffic, such as viewing folder contents, depends on the anatomy of a WebDAV request...
The idea of "restricting access by protocol" is still an open issue, and a relatively hard one to integrate with the intent of permissions in Zope (which are action-oriented rather than protocol-oriented). The proposed DAV change is something of a hack that happens to give most people what they want: the ability to keep people from using any old DAV client to inspect the structure of their site. By protecting "PROPFIND" ( a DAV HTTP verb) with a specific permission, the effect is that clients will be effectively unable to list site contents if you don't want them to. As far as GET / PUT, these are not distinguishable from a non-DAV GET / PUT (but those operations are protected by action-specific permissions anyway). So this is not a 100% solution, just one that happens to be a light-weight way to allow people to solve their immediate problem (in basically the same way we solve it for FTP). Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com