Error with PROFIND Requests

Have you ever seen an error trace like the below in the Sitecore log?

System.NotSupportedException: Unknown request type: PROPFIND
at Sitecore.Mvc.Helpers.WebHelper.GetRequestType (HttpContextBase httpContext)
at Sitecore.Mvc.Pipelines.Request.RequestBegin.ExecuteFormHandler.Process(RequestBeginArgs args)
...

I have and here is what I did to avoid it, but first let’s start with the basics.

PROPFIND is a HTTP method for Distributed Authoring used in WebDAV. Then, WebDAV (Web-based Distributed Authoring and Versioning) is a set of extensions of the HTTP protocol installed by default on Microsoft IIS, which allows users to collaboratively edit and manage files on remote web servers.

Used to retrieve properties, stored as XML, from a web resource. It is also overloaded to allow one to retrieve the collection structure (directory hierarchy) of a remote system. Many of them come from Microsoft Office products; in particular, Microsoft Office.

Request example
Response example

There was a security report a while ago which detailed a widespread security attack to some public servers that I will leave here as reference. The issue you are having might not be related to this, but is important to have this in mind.

Continuing with the resolution, we can disable WebDAV in the CM server because a CD server must never has this enabled. Here is how to disable WebDAV in Sitecore 8 and here is how to disable it in Sitecore 9.

If this doesn’t work for any reason, which happened in my case. Here is a list of changes of how to disable the handlers to completely remove WebDAV from the server.

This should be really it, but in my case I started to get “405 Method Not Allowed” responses which we had to block to avoid further alerts in our monitoring systems.

References:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.