SharePoint 2010–Blocked File Types

SharePoint has a nice little security feature for blocking certain files from being uploaded to SharePoint libraries because of security issues. Each Web application maintains a list of blocked file types that is based on file name extensions. For example, you can block files that have the .exe extension because those files can be run on the client computer and can contain malicious code. I was asked a question the other day about blocked file types in SharePoint 2010 and how to allow them into a SharePoint repository. Now I realize that this is a massive risk but the client had a reason for wanting to do this because they wanted to store installation packages in a SharePoint library. This is generally considered not best practices, but if you have a site that is trusted and only a few individuals have upload rights, you are effectively creating a network share for installation packages.

However, I will stress that you should never allow any executable file in your SharePoint site. But…there is an exception to every rule and this is probably one of them.

Using SharePoint 2010 Central Admin

First navigate to Central admin and once there click on the security section

image

Once in the security section you need to be in General Security | Define blocked file types

image

Here you will find a list of file with file type extensions just add or remove the files you wish to block or unblock and then click ok. This is a global setting across all site collections so happy blocking. And don’t forget to check and tighten up on the media files including WMA, MP3, MP4, MOV, WMV etc. it will save you gigabytes of storage later.

image

Using PowerShell Commandlets

Get-SPBlockedFileType

 

function Get-SPBlockedFileType {
<#
.Synopsis
 This function can be used to retrieve blocked file types for a SharePoint Web Application.
.Description
 This PowerShell function uses the SharePoint Object Model to get all file
 types in the BlockedFileExtensions property for a Web Application.
.Example
 C:\PS>Get-SPBlockedFileType -WebApplication http://intranet
 This example gets blocked file types for a SharePoint Web Application at http://intranet.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=0)]
[Microsoft.SharePoint.PowerShell.SPWebApplicationPipeBind]$WebApplication
)
$WebApp = Get-SPWebApplication $WebApplication
$Extensions = $WebApp.BlockedFileExtensions
$Extensions | ForEach-Object {Write-Host $_}
}

Add-SPBlockedFileType

Add-SPBlockedFileType
function Add-SPBlockedFileType {
<#
.Synopsis
 This function can be used to add a blocked file type for a SharePoint Web Application.
.Description
 This PowerShell function uses the SharePoint Object Model to add file
 types to the BlockedFileExtensions property for a Web Application.
.Example
 C:\PS>Add-SPBlockedFileType -WebApplication http://intranet -Extension ps1
 This example adds the ps1 file type to the BlockedFileExtensions collection
 for a SharePoint Web Application at http://intranet.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=0)]
[Microsoft.SharePoint.PowerShell.SPWebApplicationPipeBind]$WebApplication,
[Parameter(Mandatory=$true)][System.String]$Extension
)
$WebApp = Get-SPWebApplication $WebApplication
$Extensions = $WebApp.BlockedFileExtensions
$Extensions.Add($Extension)
$WebApp.Update()
}

Remove-SPBlockedFileType

function Remove-SPBlockedFileType {
<#
.Synopsis
 This function can be used to remove a blocked file type from a SharePoint Web Application.
.Description
 This PowerShell function uses the SharePoint Object Model to remove file
 types from the BlockedFileExtensions property for a Web Application.
.Example
 C:\PS>Remove-SPBlockedFileType -WebApplication http://intranet -Extension ps1
 This example removes the ps1 file type from the BlockedFileExtensions collection
 of a SharePoint Web Application at http://intranet.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=0)]
[Microsoft.SharePoint.PowerShell.SPWebApplicationPipeBind]$WebApplication,
[Parameter(Mandatory=$true)][System.String]$Extension
)
$WebApp = Get-SPWebApplication $WebApplication
$Extensions = $WebApp.BlockedFileExtensions
$Ext = $Extensions.Remove($Extension)
if($Ext -eq $true){
Write-Warning "Filetype $($Extension) has been removed from Web Application $(($WebApp).Name)"
}
else{
Write-Warning "Unable to delete filetype $($Extension) from Web Application $(($WebApp).Name)"
}
$WebApp.Update()
}

 

Using Visual Studio 2010:

  • Open Visual Studio 2010.
  • Go to File => New => Project.
  • Select Console Application from the installed templates.
  • Enter the Name and click Ok.
  • Add the following references.

    o Microsoft.SharePoint.dll
  • Add the following namespaces.

    o using Microsoft.SharePoint;

    o using System.Collections.ObjectModel;

  • Replace the code with the following.

    string webAppUrl = "http://<server>/";

    string addBlockFileType ="aspx";

    string removeBlockFileType ="asp";

    SPWebApplication webApp =SPWebApplication.Lookup(new Uri(webAppUrl));

    Collection<string> blockFileTypes = webApp.BlockedFileExtensions;

    foreach (string fileExtension in blockFileTypes)

    {

    // displaying all the file extensions that are blocked

    Console.WriteLine(fileExtension.ToString());

    }

    Console.ReadLine();

    // adding blocked file type

    blockFileTypes.Add(addBlockFileType);

    // removing blocked file type

    blockFileTypes.Remove(removeBlockFileType);

    webApp.Update();

  • Build the solution.

  • Hit F5.

  • All the file extensions from the blocked file type will be displayed as shown in the following.

    Block3.gif

  • A new file extension "aspx" is added and the existing file extension "asp" is removed successfully.

Default Blocked File Extensions

The following table shows the file types that are blocked by default and their corresponding file name extensions.

File name extension File type

.ade

Microsoft Access project extension

.adp

Microsoft Access project

.app

Application file

.asa

ASP declarations file

.ashx

ASP.NET Web handler file. Web handlers are software modules that handle raw HTTP requests received by ASP.NET.

.asmx

ASP.NET Web Services source file

.asp

Active Server Pages

.bas

Microsoft Visual Basic class module

.bat

Batch file

.cdx

Compound index

.cer

Certificate file

.chm

Compiled HTML Help file

.class

Java class file

.cmd

Microsoft Windows NT command script

.com

Microsoft MS-DOS program

.config

Configuration file

.cpl

Control Panel extension

.crt

Security certificate

.csh

Script file

.dll

Windows dynamic-link library

.exe

Program

.fxp

Microsoft Visual FoxPro compiled program

.hlp

Help file

.hta

HTML program

.htr

Script file

.htw

HTML document

.ida

Internet Information Services file

.idc

Internet database connector file

.idq

Internet data query file

.ins

Internet Naming Service

.isp

Internet Communication settings

.its

Internet Document Set file

.jse

JScript Encoded script file

.ksh

Korn Shell script file

.lnk

Shortcut

.mad

Shortcut

.maf

Shortcut

.mag

Shortcut

.mam

Shortcut

.maq

Shortcut

.mar

Shortcut

.mas

Microsoft Access stored procedure

.mat

Shortcut

.mau

Shortcut

.mav

Shortcut

.maw

Shortcut

.mda

Microsoft Access add-in program

.mdb

Microsoft Access program

.mde

Microsoft Access MDE database

.mdt

Microsoft Access data file

.mdw

Microsoft Access workgroup

.mdz

Microsoft Access wizard program

.msc

Microsoft Common Console document

.msh

Microsoft Agent script helper

.msh1

Microsoft Agent script helper

.msh1xml

Microsoft Agent script helper

.msh2

Microsoft Agent script helper

.msh2xml

Microsoft Agent script helper

.mshxml

Microsoft Agent script helper

.msi

Microsoft Windows Installer package

.msp

Windows Installer patch package file

.mst

Visual Test source files

.ops

Microsoft Office profile settings file

.pcd

Photo CD image or Microsoft Visual Test compiled script

.pif

Shortcut to MS-DOS program

.prf

System file

.prg

Program source file

.printer

Printer file

.pst

Microsoft Outlook personal folder file

.reg

Registration entries

.rem

ACT! database maintenance file

.scf

Windows Explorer command file

.scr

Screen saver

.sct

Script file

.shb

Windows shortcut

.shs

Shell Scrap object

.shtm

HTML file that contains server-side directives

.shtml

HTML file that contains server-side directives

.soap

Simple Object Access Protocol file

.stm

HTML file that contains server-side directives

.url

Uniform Resource Locator (Internet shortcut)

.vb

Microsoft Visual Basic Scripting Edition file

.vbe

VBScript Encoded Script file

.vbs

VBScript file

.ws

Windows Script file

.wsc

Windows Script Component

.wsf

Windows Script file

.wsh

Windows Script Host settings file

One thought on “SharePoint 2010–Blocked File Types”

Leave a Reply