Skip to end of metadata
Go to start of metadata

You can prevent specific file extensions from being uploaded in FileCloud 10.0 and later.

Existing files cannot be renamed to use a restricted file extension in FileCloud 17.3 and later.

You can create a list of only the file extensions you want to allow to be uploaded in FileCloud 19.1 and later.

For security reasons you may want to create a set of rules for the working environment where many users have access to a central resource, such as files and folders in FileCloud Server.

  • You can either create a list of file extensions to restrict, or create a list of file extensions to allow.
  • If you create an Allowed list of file extensions, then any settings in the Disallowed list will be ignored. 
  • These restrictions help to prevent users from uploading malicious attachments and viewing them.
  • By default FileCloud will restrict users from uploading any files with php and php5 extensions. This is to prevent any code injection.


Which list should I use? The Allowed or Disallowed?

  • If you know which file types you don't want to allow and this list is short, you can use the Disallowed setting.
  • If you want to allow only a few file types to be uploaded, you can use the Allowed setting.
  • If you create an Allowed list of file extensions, then any settings in the Disallowed list will be ignored. 

What Do You Want to Do?


 Allow File Extensions

If you leave an empty space in your list, then you will allow files that don't have an extension to be uploaded.

  • An empty space is defined as a delimiter character followed by no value.
ExamplesDescriptionImpact on Uploading Files
png | jpg |

Allow 3 types of files to be uploaded with an extension of:

  • png
  • jpg
  • empty

Only the following files can be uploaded by users:

  • Portable Network Graphics
  • Joint Photographic Experts Group
  • Any file without an extension (for example, a file named config)
png | jpg

Allow 3 types of files to be uploaded with an extension of:

  • png
  • jpg

Only the following files can be uploaded by users:

  • Portable Network Graphics
  • Joint Photographic Experts Group
FileCloud VersionMethodInstructionsNotes
19.1Admin Portal

To manage extension in the Admin Portal:

  1. Log into Admin Portal.
  2. From the left navigation panel, select Settings.
  3. On the Settings screen, select the Misc. tab, and then the General tab.
  4. Scroll down until you see the Allowed File Extensions box.
  5. In the Allowed File Extensions box, specify the restricted extensions, using the "|" character to separate each extension.

(warning) If you add extensions to the Allowed File Extensions list, then any extensions in the Disallowed File Extension list will be ignored.

(warning) If you leave an empty space in your list, then you will allow files that don't have an extension to be uploaded.

This list of extensions must use the following character as the delimiter:

  • '|'
  • For example, to restrict the php, php5, and mp3 extensions:

    php|php5|mp3


 Disallow File Extensions
FileCloud VersionMethodInstructionsNotes
Earlier than 17.3Direct Coding

To add additional file extension restrictions:

  1. Open the following file

    WWWROOT\config\cloudconfig.php
  2. Add the following code

    define("TONIDOCLOUD_DISALLOWED_RESTRICTIONS", "php|php5|extension_name");

To remove all file extension restrictions:

  1. Open the following file
    WWWROOT\config\cloudconfig.php
  2. Edit the code to match this:

    define("TONIDOCLOUD_DISALLOWED_RESTRICTIONS", "");

(warning)  If you add extensions to the Allowed File Extensions list, then
any extensions in the Disallowed File Extension list will be ignored.

This list of extensions must use the following character as the delimiter:

  • '|'
  • For example, to restrict the php, php5, and mp3 extensions:

    php|php5|mp3
17.3 and later

Admin Portal

Direct Coding

To manage extension in the Admin Portal:

  1. Log into Admin Portal.
  2. From the left navigation panel, select Settings.
  3. On the Settings screen, select the Misc. tab, and then the General tab.
  4. Scroll down until you see the Disallowed File Extensions box.
  5. In the Disallowed File Extensions box, specify the restricted extensions.


This list of extensions must use the following character as the delimiter:

  • '|'
  • For example, to restrict the php, php5, and mp3 extensions:

    php|php5|mp3
  • No labels