Managing File Extensions
You can prevent specific file extensions from being uploaded in FileCloud 10.0 and later.
Existing files cannot be renamed to use a restricted file extension in FileCloud 17.3 and later.
You can create a list of only the file extensions you want to allow to be uploaded in FileCloud 19.1 and later.
Prior to FileCloud Version 21.2, Disallowed File Extensions listed php and php5 by default; from Version 21.2 on, it lists php, php5, phar, and phtml. If you are using a version of FileCloud earlier than 21.2, you are advised to add phar and phtml to the Disallowed File list. See Advisory 2021-09 Upload of Potentially Unsafe File Types for more information.
For security reasons you may want to create a set of rules for the working environment where many users have access to a central resource, such as files and folders in FileCloud.
- You can either create a list of file extensions to restrict, or create a list of file extensions to allow.
- If you create an Allowed list of file extensions, then any settings in the Disallowed list will be ignored.
- These restrictions help to prevent users from uploading malicious attachments and viewing them.
- By default FileCloud restricts users from uploading any files with php extensions. This is to prevent any code injection.
Which list should I use? The Allowed or Disallowed?
- If you know which file types you don't want to allow and this list is short, you can use the Disallowed setting.
- If you want to allow only a few file types to be uploaded, you can use the Allowed setting.
- If you create an Allowed list of file extensions, then any settings in the Disallowed list will be ignored.