Denyist Folder (Forbidden File Types)

When users upload files to the Links tab, there is a danger that a user may upload a harmful file or enable a command injection attack. To minimize this risk, you can use the denylist file to prevent users from uploading certain file types (for example, .bat, .ps1, .dll). Users can only associate file formats not listed in the FileExtensions.xml denylist file.

The file is located on the Web/Application server in the Web ยป Denylist folder and is stored in server memory. You can add any file types that you do not want users to be able to upload. After you make a change to the file, you must restart IIS for the change to take effect.

When a user tries to upload a file with a forbidden extension, a message displays, letting them know that they cannot upload a file with that extension, and to consult their Administrator for details.

What do you want to do?

Associate a link with a project

Associate a link with a workflow

Add a SharePoint link

Add a server link to the Links tab

Remove an association of a link and an area


Learn more about...