Start FileCloud FREE Trial
Log in

Managing File Extensions

As of Version 23.232.1, FileCloud lists php, php5, pharphtml, php7, and htaccess as disallowed file extensions. If you are using a version of FileCloud earlier than 23.232, you are advised to add any of these extensions that are not include by default onto the Disallowed File list. 


For security reasons you may want to create a set of rules for the working environment where many users have access to a central resource, such as files and folders in FileCloud.

  • You can either create a list of file extensions to restrict, or create a list of file extensions to allow.
  • If you create an Allowed list of file extensions, then any settings in the Disallowed list will be ignored. 
  • These restrictions help to prevent users from uploading malicious attachments and viewing them.
  • By default FileCloud restricts users from uploading any files with php extensions. This is to prevent any code injection.


Which list should I use? Allowed or Disallowed?

  • If you know which file types you don't want to allow and this list is short, you can use the Disallowed setting.
  • If you want to allow only a few file types to be uploaded, you can use the Allowed setting.
  • If you create an Allowed list of file extensions, then any settings in the Disallowed list will be ignored. 

What Do You Want to Do?


If you leave an empty space in your list, then you will allow files that don't have an extension to be uploaded.

  • An empty space is defined as a delimiter character followed by no value.
ExamplesDescriptionImpact on Uploading Files
png | jpg |

Allow files to be uploaded with an extension of:

  • png
  • jpg
  • empty

Only the following files can be uploaded by users:

  • Portable Network Graphics
  • Joint Photographic Experts Group
  • Any file without an extension (for example, a file named config)
png | jpg

Allow files to be uploaded with an extension of:

  • png
  • jpg

Only the following files can be uploaded by users:

  • Portable Network Graphics
  • Joint Photographic Experts Group

To allow extensions in the Admin Portal:

  1. Log into admin portal
  2. From the left navigation panel, select Settings.
  3. On the Settings screen, select the Misc. tab, and then the General tab.
  4. Scroll down until you see the Allowed File Extensions box.
  5. In the Allowed File Extensions box, specify the allowed extensions, using the "|" character to separate each extension.

    Notes:

(warning) If you add extensions to the Allowed File Extensions list, then any extensions in the Disallowed File Extension list will be ignored.

(warning) If you leave an empty space in your list, then you will allow files that don't have an extension to be uploaded.

This list of extensions must use the following character as the delimiter:

    • '|'

    • For example, to restrict the mp4 and mp3 extensions:

      mp4|mp3 

To disallow extensions in the Admin Portal:

  1. Log into admin portal.
  2. From the left navigation panel, select Settings.
  3. On the Settings screen, select the Misc. tab, and then the General tab.
  4. Scroll down until you see the Disallowed File Extensions box.
  5. In the Disallowed File Extensions box, add the additional restricted extensions.

Notes:
(warning) If you add extensions to the Allowed File Extensions list, then any extensions in the Disallowed File Extension list will be ignored.


This list of extensions must use the following character as the delimiter:

  • '|'

  • For example, to add restrictions for mp3 and mp4 to the list of disallowed extensions:

    php|php5|phar|phtml|php7|htaccess|mp3|mp4