See Main Servlet on how to protect this servlet.
webdav.servlet.hosts.allowed= webdav.servlet.https.required=false