WebDAV (Synology) throws a 405 error


I’m hosting a WebDAV server on my Synology NAS that is reachable from outside my LAN using my own domain.

HAproxy (v: 2.2.4-de45672) is running on my firewall (IPFire) with the configuration below (shortend).

Question: when accessing or better writing a file to my Synology, using URI https://webdav.mydomain.de/pw.kdbx I get an error 405 when the program (Keepass) that tries to write this files, is firing a MOVE command.

Mar 30 14:28:59 localhost.localdomain haproxy[1960]: [30/Mar/2021:14:28:59.877] http_https~ webdav_serv
er/webdav01 0/0/0/21/21 405 405 - - --NI 2/2/0/0/0 0/0 {webdav.mydomain.de||} "MOVE /pw.kdbx.tmp HTTP/1.1"

OTH, all runs well when the program uses the path https://webdav.mydomain.de/webdav/pw.kdbx instead.

So, question is: where is the error in my config? Can you please give my any hint to correct this?


    log local1
    stats socket /var/run/haproxy.sock mode 600 level admin        
    stats timeout 2m

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        nobody
    group       nobody
    tune.ssl.default-dh-param 2048
    tune.maxrewrite 4096

    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option                  forwardfor except
    option                  redispatch except 
    retries                 3
    timeout http-request    30s
    timeout queue           1m
    timeout connect         30s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 30s
    timeout check           30s
    maxconn                 3000

# Frontend Configuration
frontend http_https
    mode http
    http-request set-header X-Forwarded-Proto https
    http-request redirect scheme https code 301 if !{ ssl_fc }
    http-request replace-header destination ^https(.+) http\1

    http-response set-header Strict-Transport-Security max-age=31536000
    http-response set-header X-Xss-Protection 1;\ mode=block
    http-response set-header X-Robots-Tag none
    http-response del-header Server
    http-response set-header X-Content-Type-Options: nosniff
    http-response set-header Referrer-Policy no-referrer-when-downgrade

#Backend Configuration
    acl is_webdav_domain hdr_beg(host) -i webdav.mydomain.de
    acl is_webdav_path path -i /webdav/

    http-request replace-path /(.+) /webdav/\1 if is_webdav_domain !is_webdav_path 
    use_backend webdav_server if is_webdav_domain
    acl is_webdav_path path_beg -i /webdav/
    use_backend webdav_server if is_webdav_path 

    default_backend no_match

backend webdav_server
    balance leastconn
    cookie WEBDAVSERVER insert indirect nocache
    http-check disable-on-404
    http-check expect status 401
    option httpchk GET /webdav

    server webdav01 cookie webdav01 inter 60s

backend no_match
   http-request deny deny_status 400

You should read this thread and see if this also applies to you: