Managing File Extensions
As of Version 23.232.1, FileCloud lists php, php5, phar, phtml, php7, and htaccess as disallowed file extensions. If you are using a version of FileCloud earlier than 23.232, you are advised to add any of these extensions that are not include by default onto the Disallowed File list.
For security reasons you may want to create a set of rules for the working environment where many users have access to a central resource, such as files and folders in FileCloud.
- You can either create a list of file extensions to restrict, or create a list of file extensions to allow.
- If you create an Allowed list of file extensions, then any settings in the Disallowed list will be ignored.
- These restrictions help to prevent users from uploading malicious attachments and viewing them.
- By default FileCloud restricts users from uploading any files with php extensions. This is to prevent any code injection.
Which list should I use? Allowed or Disallowed?
- If you know which file types you don't want to allow and this list is short, you can use the Disallowed setting.
- If you want to allow only a few file types to be uploaded, you can use the Allowed setting.
- If you create an Allowed list of file extensions, then any settings in the Disallowed list will be ignored.