How to block specific file types in the Sitecore Media Library?

In an out-of-the-box Sitecore instance, Content Authors can upload any type of file to the Media Library, e.g. .html, .exe, .zip, which is not required in most cases. We had a requirement from one of our clients to restrict all file extensions and allow only specific ones like .doc, .docx, .pdf, .jpg, .jpeg, .png, etc., and they wanted a provision to add further file types if necessary.

So while doing R&D, I came across the Sitecore documentation, which came to my rescue and saved a lot of effort developing the functionality from scratch.

URL: https://doc.sitecore.com/developers/91/platform-administration-and-architecture/en/secure-the-file-upload-functionality.html

There is a package which we need to download from the above link.

To install the Upload Filter tool:

  1. On the Sitecore Launchpad, click Control Panel.
  2. Under the Administration section, click Install a Package.
  3. Click Upload Package and browse to the downloaded package.
  4. Click Next >> Click Upload >> Close >> Next >> Install.
  5. Click Close once the package is successfully installed.

The above package installation will add 2 files to your Sitecore instance:
UploadFilter.config – Website\App_Config\Include\
UploadFilter.dll – WebSite\bin\

Go to the UploadFilter.config file.

The default config file settings show that all file types are allowed except .exe and .dll. For our requirement, I wanted all file extensions to be blocked, with only a few specified ones allowed. So we list the required file types in the Allowed extensions parameter.

Refresh the Sitecore instance, go to the Media Library and try to upload any .html file.
(Screenshot: Media Library upload error)

Try uploading a .pdf file.
(Screenshot: Media Library upload success)
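To see why switching from the default blocked list to an allowed list changes the result of the two uploads above, here is a small model of both policies. It is an added example, not code from the Upload Filter package or from Sitecore; the function names, the sample file names, the rule that a non-empty allowed list takes precedence, and the file name normalisation are assumptions of this sketch.

```python
import os

# Constructed policy values mirroring the post: the default blocks only
# exe and dll; the hardened policy allows only the listed types.
DEFAULT_BLOCKED = {"exe", "dll"}
ALLOWED = {"doc", "docx", "pdf", "jpg", "jpeg", "png"}

def final_extension(filename):
    """Return the lowercase last extension after normalising the name."""
    # Win32 path handling drops trailing dots and spaces, so "page.html."
    # would be stored as "page.html"; strip them before checking.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    return ext.lower() if dot and stem else ""

def is_upload_permitted(filename, allowed=None, blocked=None):
    """A non-empty allowed list decides alone (assumption of this model)."""
    ext = final_extension(filename)
    if allowed:
        return ext in allowed  # unlisted or missing extension is refused
    return ext not in (blocked or set())

def audit(filenames, allowed=None, blocked=None):
    """Map each file name to the decision under the given policy."""
    return {f: is_upload_permitted(f, allowed, blocked) for f in filenames}

# Constructed sample uploads, including the edge cases worth testing
# by hand in the Media Library after changing the config.
SAMPLES = ["brochure.pdf", "Photo.JPG", "landing.html", "tools.zip",
           "setup.exe", "report.pdf.exe", "page.html.", "README"]

if __name__ == "__main__":
    before = audit(SAMPLES, blocked=DEFAULT_BLOCKED)
    after = audit(SAMPLES, allowed=ALLOWED)
    for name in SAMPLES:
        print(f"{name:16} blocked-list={before[name]!s:5} allowed-list={after[name]}")
```

An extension check says nothing about the file's content, so a renamed file still passes if its extension is on the allowed list.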

There is one known issue in this package, which we will need to fix. Follow the steps given here.

Thank you.. Keep Learning.. Keep Sitecoring.. 🙂
