How best to block/restrict WebDAV via ZIA

We would like to limit WebDAV to select servers for our ZIA users. As WebDAV is really just HTTP, how best to do this?

Our primary use case is blocking the use of WebDAV for payload delivery using native tools like msbuild.exe. In that specific scenario, we see this signature, but I can’t find a way to limit ZIA traffic based on the useragent.

OPTIONS	302	DavClnt

Could you not just block request method “other” in URL & Cloud App Control to these selected servers?

Just a late-night idea as WebDAV uses http extensions for file operations and WebDAV obviously needs methods LOCK and PROPFIND before GET. So maybe worth a try.

Based on our testing, PROPFIND is the most appropriate method, but I don’t seem to have it as an option under URL Filtering, only “OTHER”. That works, but it seems like a very blunt instrument.

Cloud App control doesn’t seem like a good fit because I want to do this globally. Adversaries’ WebDAV sites will probably not fit inside an existing app definition.