Cerberus FTP is pleased to announce an update to our file extension management: the ability to set an allowed extension list! This feature allows administrators to restrict all file uploads except those with specific extensions.

About the New Feature

Cerberus FTP Server can now check the extension of every file upload and block the file if its extension is on an extension deny list. We've enhanced this feature by introducing the option of an Allowed Extensions list, which flips this concept on its head: all file types are blocked from upload except those on this list. The new list is functionally identical to the previous "Deny" list and is set by choosing the "Allow" icon.

Examples of the Administrator GUI

Blocked Extensions Settings Panel
Allowed Extensions Panel

Under the User Manager / (Allowed/Blocked) Extensions tab, the toggle buttons on the upper right corner of the panel control the new Allowed Extensions feature. Its behavior is similar to our IP Manager / IP List feature, where it toggles between settings. Since swapping between modes takes effect immediately, a pop-up dialog alerts admins that changes have been made.

Warning Dialog When Changing Extension Mode

There is a new list for Allowed Extensions, independent of the previously defined Blocked Extensions list. Either list is modified using the controls to the right of the panel, via the Extension text box. Here an administrator can add new extensions to their chosen list, either one at a time or in bulk using a comma-separated list.

Web User Experience

When users attempt to upload a file with an extension not on the allowed list, they are greeted with an error toast notification that their file operation isn’t allowed.

Extension Upload Error Message

This would be the same behavior as before if the user attempted to upload while a Blocked Extensions list had .msi listed. From the user's point of view, there is no difference between the two extension list modes.

Security Impact

The new Allowed Extensions list is more secure and easier to manage. Instead of compiling a list of all potentially unsafe file types (.com, .exe, .ps, .inx, .paf, .mst, etc.), the administrator may simply define a short list of known safe file types (such as .txt and .doc) allowed for upload. Users would be unable to upload a file type with previously unknown vulnerabilities to the Cerberus FTP Server, cutting down on potential malware risks.
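The difference between the two modes can be seen by running the same upload names through both lists. The following is an added example, not Cerberus FTP Server code: the function names are hypothetical, and the matching rules (case-insensitive, last extension only, trailing dots and spaces ignored) are assumptions made for the illustration.

```python
import os

def parse_extension_list(text):
    """Parse a comma-separated entry such as '.txt, DOC' into a normalized set."""
    exts = set()
    for item in text.split(","):
        item = item.strip().lower().lstrip(".")
        if item:
            exts.add("." + item)
    return exts

def final_extension(filename):
    """Return the lower-cased last extension, or '' when there is none."""
    # Assumption: trailing dots and spaces are ignored, because Windows file
    # systems drop them and 'setup.exe.' would land on disk as 'setup.exe'.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return os.path.splitext(name)[1].lower()

def upload_permitted(filename, mode, extensions):
    """mode 'deny' blocks listed extensions; mode 'allow' blocks everything else."""
    ext = final_extension(filename)
    if mode == "deny":
        return ext not in extensions
    if mode == "allow":
        return ext in extensions  # a name with no extension never matches
    raise ValueError("mode must be 'allow' or 'deny'")

# Lists taken from the examples in the paragraph above.
DENY = parse_extension_list(".com, .exe, .ps, .inx, .paf, .mst")
ALLOW = parse_extension_list(".txt, .doc")

# Constructed upload names, including types that neither list mentions.
SAMPLES = ["report.txt", "Notes.DOC", "setup.exe", "setup.exe.",
           "installer.msi", "payload.xyz", "README"]

def compare(samples=SAMPLES):
    """Map each name to (permitted in deny mode, permitted in allow mode)."""
    return {name: (upload_permitted(name, "deny", DENY),
                   upload_permitted(name, "allow", ALLOW))
            for name in samples}

if __name__ == "__main__":
    for name, (deny_ok, allow_ok) in compare().items():
        print(f"{name:15} deny-list mode: {'upload' if deny_ok else 'block':7}"
              f" allow-list mode: {'upload' if allow_ok else 'block'}")
```

Unlisted types such as `installer.msi` pass the deny list but are blocked by the allow list. The check in this example looks only at the file name, so an allowed extension says nothing about the file's contents.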

Conclusion

With the addition of the Allowed list to our file extension blocking feature in Cerberus FTP Server 12.8.0, admins have a more secure way to restrict files being introduced to their system. If you have any other questions or concerns, please contact us and give us feedback on your Cerberus FTP Server experience.