SharePoint 2010–Blocked File Types

SharePoint has a nice little security feature for blocking certain files from being uploaded to SharePoint libraries because of security issues. Each Web application maintains a list of blocked file types that is based on file name extensions. For example, you can block files that have the .exe extension because those files can be run on the client computer and can contain malicious code. I was asked a question the other day about blocked file types in SharePoint 2010 and how to allow them into a SharePoint repository. Now I realize that this is a massive risk but the client had a reason for wanting to do this because they wanted to store installation packages in a SharePoint library. This is generally considered not best practices, but if you have a site that is trusted and only a few individuals have upload rights, you are effectively creating a network share for installation packages.

However, I will stress that you should never allow any executable file in your SharePoint site. But…there is an exception to every rule and this is probably one of them.

Using SharePoint 2010 Central Admin

First navigate to Central admin and once there click on the security section

Once in the security section you need to be in General Security | Define blocked file types

Here you will find a list of file with file type extensions just add or remove the files you wish to block or unblock and then click ok. This is a global setting across all site collections so happy blocking. And don’t forget to check and tighten up on the media files including WMA, MP3, MP4, MOV, WMV etc. it will save you gigabytes of storage later.

Using PowerShell Commandlets

Get-SPBlockedFileType

function Get-SPBlockedFileType {
<#
.Synopsis
 This function can be used to retrieve blocked file types for a SharePoint Web Application.
.Description
 This PowerShell function uses the SharePoint Object Model to get all file
 types in the BlockedFileExtensions property for a Web Application.
.Example
 C:\PS>Get-SPBlockedFileType -WebApplication http://intranet
 This example gets blocked file types for a SharePoint Web Application at http://intranet.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=0)]
[Microsoft.SharePoint.PowerShell.SPWebApplicationPipeBind]$WebApplication
)
$WebApp = Get-SPWebApplication $WebApplication
$Extensions = $WebApp.BlockedFileExtensions
$Extensions | ForEach-Object {Write-Host $_}
}

Add-SPBlockedFileType

Add-SPBlockedFileType
function Add-SPBlockedFileType {
<#
.Synopsis
 This function can be used to add a blocked file type for a SharePoint Web Application.
.Description
 This PowerShell function uses the SharePoint Object Model to add file
 types to the BlockedFileExtensions property for a Web Application.
.Example
 C:\PS>Add-SPBlockedFileType -WebApplication http://intranet -Extension ps1
 This example adds the ps1 file type to the BlockedFileExtensions collection
 for a SharePoint Web Application at http://intranet.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=0)]
[Microsoft.SharePoint.PowerShell.SPWebApplicationPipeBind]$WebApplication,
[Parameter(Mandatory=$true)][System.String]$Extension
)
$WebApp = Get-SPWebApplication $WebApplication
$Extensions = $WebApp.BlockedFileExtensions
$Extensions.Add($Extension)
$WebApp.Update()
}

Remove-SPBlockedFileType

function Remove-SPBlockedFileType {
<#
.Synopsis
 This function can be used to remove a blocked file type from a SharePoint Web Application.
.Description
 This PowerShell function uses the SharePoint Object Model to remove file
 types from the BlockedFileExtensions property for a Web Application.
.Example
 C:\PS>Remove-SPBlockedFileType -WebApplication http://intranet -Extension ps1
 This example removes the ps1 file type from the BlockedFileExtensions collection
 of a SharePoint Web Application at http://intranet.
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true, ValueFromPipeline=$true, Position=0)]
[Microsoft.SharePoint.PowerShell.SPWebApplicationPipeBind]$WebApplication,
[Parameter(Mandatory=$true)][System.String]$Extension
)
$WebApp = Get-SPWebApplication $WebApplication
$Extensions = $WebApp.BlockedFileExtensions
$Ext = $Extensions.Remove($Extension)
if($Ext -eq $true){
Write-Warning "Filetype $($Extension) has been removed from Web Application $(($WebApp).Name)"
}
else{
Write-Warning "Unable to delete filetype $($Extension) from Web Application $(($WebApp).Name)"
}
$WebApp.Update()
}

Using Visual Studio 2010:

• Open Visual Studio 2010.
• Go to File => New => Project.
• Select Console Application from the installed templates.
• Enter the Name and click Ok.
• Add the following references.
  
  o Microsoft.SharePoint.dll
• Add the following namespaces.
  
  o using Microsoft.SharePoint;

  o using System.Collections.ObjectModel;

• Replace the code with the following.
  
  string webAppUrl = "http://<server>/";

  string addBlockFileType ="aspx";

  string removeBlockFileType ="asp";

  SPWebApplication webApp =SPWebApplication.Lookup(new Uri(webAppUrl));

  Collection<string> blockFileTypes = webApp.BlockedFileExtensions;

  foreach (string fileExtension in blockFileTypes)

  {

  // displaying all the file extensions that are blocked

  Console.WriteLine(fileExtension.ToString());

  }

  Console.ReadLine();

  // adding blocked file type
  
  blockFileTypes.Add(addBlockFileType);

  // removing blocked file type
  
  blockFileTypes.Remove(removeBlockFileType);

  webApp.Update();

• Build the solution.

• Hit F5.

• All the file extensions from the blocked file type will be displayed as shown in the following.
  
  

• A new file extension "aspx" is added and the existing file extension "asp" is removed successfully.

Default Blocked File Extensions

The following table shows the file types that are blocked by default and their corresponding file name extensions.