How to block the specific file types in Sitecore Media Library?

In the out-of-the-box instance of Sitecore, Content Authors are able to upload any type of file in Media Library ex. .html, .exe, .zip which is not required in most of the cases. We had requirement from one of our client to restrict all the type of file extensions and to allow only specific extensions like .doc, .docx, .pdf, .jpg, .jpeg, .png, etc. and they wanted a provision to allow the addition of the file types in case it is necessary.

So while doing R&D, I came across a Sitecore documentation which came to my rescue and saved a lot of efforts of developing the functionality from scratch.

URL: https://doc.sitecore.com/developers/91/platform-administration-and-architecture/en/secure-the-file-upload-functionality.html

There is a package which we need to download from the above link.

To install the Upload Filter tool:

  1. On the Sitecore Launchpad, click Control Panel.
    Launchpad_Control Panel
  2. Under the Administration section, click Install a Package.
    Control Panel_Package Installation
  3. Click Upload Package and browse the downloaded package.
    Package_Installation
  4. Click Next >> Click Upload >> Close >> Next >> Install.
    Package_Installation_2
  5. Click Close once the package is successfully installed.

The above package installation will add 2 files in your sitecore instance:
UploadFilter.config – Website\App_Config\Include\
UploadFilter.dll – WebSite\bin\

Go to UploadFilter.config file.
UploadFilter_Config

The default config file settings show that all the file types are allowed except .exe & .dll. In case of our requirement, I wanted all the file extensions to be blocked and allow only few mentioned ones. So we can mention the required file types in Allowed extensions parameter.
UploadFilter_Config_2

Refresh the Sitecore Instance, go to media Library and try to upload any .html file.
MediaLibrary_UploadError

Try uploading, pdf file.
MediaLibrary_UploadSuccess

There is one known issue in this package, which we will need to fix. Follow the steps given here.

Thank you.. Keep Learning.. Keep Sitecoring.. 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s