Banned File Extensions
The Banned File Extensions feature allows you to define a list of blocked file extensions for the Domain.
When configured, UDMG rejects upload and rename operations when the target filename ends with a blocked extension.
Before You Begin
Scope and Enforcement
This setting applies at the Domain level and is enforced across these transfer protocols:
- SFTP
- FTP(S)
- HTTP(S)
This feature does not apply to AS2 transfers.
The restriction is enforced at the time of the operation:
- Upload operations: Files with a blocked extension cannot be uploaded.
- Rename operations: Files cannot be renamed to a blocked extension. This prevents users from bypassing restrictions by uploading a file with an allowed extension and then renaming it to a blocked extension.
If a file matches a blocked extension:
- The operation is rejected.
- The response returned depends on the protocol used (see Logging and Error Responses).
Configuration and Normalization
Extensions must be specified as a comma-delimited list.
UDMG normalizes the configured value before evaluation:
- Extensions can be typed with or without a leading dot:
exe, bat.exe, .bat
- Whitespace is ignored.
- Duplicate entries are removed.
- Matching is case-insensitive.
When evaluating a filename, UDMG uses only the substring after the final ..
Examples
| Configuration Value | Normalized Extensions | File | Result |
|---|---|---|---|
| Empty | None | file.pdf | Allowed |
pdf | pdf | file.pdf | Blocked |
pdf, doc, xls | pdf, doc, xls | file.doc | Blocked |
pdf , doc , xls | pdf, doc, xls | file.xls | Blocked |
.pdf, .doc, .xls | pdf, doc, xls | file.pdf | Blocked |
pdf,,doc | pdf, doc | file.doc | Blocked |
pdf, doc, pdf, xls | pdf, doc, xls | file.pdf | Blocked |
PDF, Doc, xls | pdf, doc, xls | file.PDF | Blocked |
Logging and Error Responses
Blocked attempts are logged with relevant details, including:
- Username
- Filename
- Operation type (upload or rename)
- Timestamp
When a blocked extension is detected, UDMG returns a protocol-specific error:
| Protocol | Example Response |
|---|---|
| SFTP | SSH_FX_PERMISSION_DENIED |
| HTTP(S) (WTC) | 200 - {"uploaded":null,"failed":[{"filename":"sysctl.conf","error":"file extension .conf is not allowed"}]} |
| FTP(S) | 450 - Requested action not taken. File name not allowed. |
Error messages indicate that the file extension is not allowed but do not expose the full list of banned extensions.
Configuring Banned File Extensions
Changes to this setting take effect immediately after you click Update.
Only Admins can configure banned file extensions. To do so, follow these steps:
- From the Sidebar, click General > Settings.
- Select the Security - Settings card.
- Click Edit.
- Update the Banned File Extensions field. For formatting rules, see Configuration and Normalization.
- Click Update.
Viewing Banned File Extensions
To view the current Banned File Extensions, follow these steps:
- From the Sidebar, click General > Settings.
- Click the Security - Settings card.
- Extensions appear listed under the BANNED FILE EXTENSIONS section.