Security Tip: Block Specific File Types

Tagged with: , , , , , , , ,
Monday, March 5, 2007, 21:26
This news item was posted in Provisioning category and has 0 Comments so far.

Collobration is great but we all have to admit that sometimes SharePoint users, all application users as a matter of fact, are naive. They will do things that defy all logic. We as administrators have to learn to control their actions for the sake of maintaining improving system security. That includes controlling what they can upload and what they can’t.

SharePoint 2007 comes with some great security features. Today, I will be discussing Block / Restrict Uploading of Specific File Types. Tip 20 of 25 Security Tips For Your SharePoint Environment provided by Joel Oleson.

Tip 20: Increase blocked file types to include non approved content

Default List of Blocked File Extensions

Just to start off, there is actually a list of Blocked File Extensions (which includes files with curly braces { or }) that are set by default. The reason for this list is that all of these file types are considered executable files by Windows Explorer. The list of default blocked file types ranges from ade to bat to url.

Blocked File Naming Conventions

SharePoint 2007 will look through the filename for the first iteration of . and anything after that is ignored.  For example, if the .asp extension is on the list of blocked file extensions, then the following list of filenames are blocked:

  • filename.asp
  • filename.asp.
  • filename.asp.{3050F4D8-BB82-11CF-98B5-00AA00BDCE0B}
  • filename.asp::$DATA

Limits

Of course you can block as many files as you want; however, SharePoint 2007 limits up to 1024 file types.

How To Blocked File Types

You can easily browse to the Blocked File Types as follows:

  1. Go to your Central Administration site
  2. Click on the Operations tab
  3. Under Security Configuration, click on Blocked File Types

This will bring you to the configuration page where you can edit the list of file types not allowed / blocked/ restricted on your SharePoint 2007 server. In there, you can type in what file extensions to block and for which application.

Precautionary Note

This is all great to not allow naive users from uploading files that might cause SharePoint to shut down.  However, a few other tips you should definitely consider:

  • Installing Antivirus (Forefront)
  • Limiting upload file size
  • What else would you suggest?

Inspirations and References

Related Posts:

  • ShareSquared Offers Comfortable SharePoint Training
    • ShareSquared has launched a new way to learn SharePoint.... inexpensive and travel free. Training is provided from your own desk with Virtual Roundtable Sessions.
  • Top 5 Security Related Features
    • Joel has a great post on the Top 5 Security Related Features in Sharepoint 2007. Information Policies - Auditing of security, deletions, etc...on lists and Site
  • Windows SharePoint Services (WSS) 3.0 Software Development Kit (SDK)
    • The Windows SharePoint Services 3.0 software development kit (SDK) contains conceptual overviews, programming tasks, samples, and references to guide you in developing solutions based on
  • Microsoft Just Released - DOWNLOAD - Forefront Security For Sharepoint Beta
    • Microsoft Corp. today is launching the public beta of Forefront Security for Sharepoint. This latest release of Microsoft Forefront security products for businesses is based
  • Top Customization Tips for CRM
    • There's quite a bit of information that you can get on customizing Dynamics CRM. Even if you are familiar with the basic features
    Both comments and pings are currently closed.

    Comments are closed for this Article !

    SharePoint Weekly Review (03.03.07)
    How To Enable ASP.NET Debugging Web Parts and SharePoint Solutions