When uploading files, blocking files based on their type can provide several benefits, especially in terms of security, data management, and ensuring appropriate use of resources.
Some CMS, WebMail or Web-sharing applications may be misconfigured, and you may not be able to set them to prevent uploads.
Artica's reverse proxy allows you to reinforce security by verifying which files are uploaded.
File detection does not pay attention to file extension. Even if you rename an executable file to a document file, the reverse-proxy will detect it by its original type.
You can also detect unwanted files in ZIP files.this feature is available on Artica v4.50 Service Pack 1 or Artica v4.50 with HotFix 20231118-02
¶ Advantages of blocking uploads using files types
- Security Enhancement:
Prevents the upload of potentially harmful files (like .exe, .bat, or .scr) that could contain malware or viruses, thereby protecting the server and users from cyber threats. - Data Integrity and Quality Control:
By allowing only specific file types, you can maintain consistency and integrity of the data being uploaded, ensuring that it meets the required standards and formats. - Compliance and Legal Issues:
Blocking certain file types helps in adhering to legal and regulatory requirements, particularly in industries where data security and privacy are paramount. - Prevention of Unwanted Content:
Blocking file types commonly associated with non-work-related content (like .mp3, .mp4) helps in maintaining a professional environment, especially in corporate or educational settings. - Easier Content Moderation:
It's simpler to moderate and manage content when you're dealing with a limited and predefined set of file types. - Reduced Risk of Data Leakage:
Blocking file types that are typically used for compressing and packaging multiple files (like .rar, .zip) can help prevent unauthorized data extraction and sharing.
¶ Create the rule
- On the main Web service section, select your website.
- On the Website settings, click on the “Web application Firewall” row
Select the file type you want to deny.
- You have a special option “Uncompress ZIP”.
If this option is checked, you allow Artica to check files inside ZIP files (depending on their type).
If a file corresponds to a denied type, then zip file uploading is interrupted
- Deny uploading of (Pictures): Block AIFF,OGG,WMA,MIDI,AC3,AAC,MP3,FLAC,M4A/AAC files
- Deny uploading of (ZIP): Block all *.zip files type
- Deny uploading of (ZIP Password): Block if a zip file is generated with a password
- Deny uploading of (GZIP): Block all *.gzip files type
- Deny uploading of (RAR): Block all *.rar files type
- Deny uploading of (7zip): Block all *.7z files type
- Deny uploading of (iso,nrg..): Block all ISO,NRG,UDF files type
- Deny uploading of (Elf/exe): Block all binaries for Linux or Windows.
- Deny uploading of (PowerShell,bat,php,python..): Block all scripts like php,inc,php3,py,ps1,bat,cmd files type
- Deny uploading of (dll,so): Block all libraries files type
- Deny uploading of (MS Office): Block modern Office documents li,e xls, docx,pptx files type
- Deny uploading of (Music files): AIFF,OGG,WMA,MIDI,AC3,AAC,MP3,FLAC,M4A/AAC files type
- Deny uploading of (Video): AVI,MKV,MP4/MOV,WMV,FLV files type