.png)
Manage blocked file types in SharePoint 2013
Published: July 16, 2012
Summary: How to block file types in SharePoint 2013 from being uploaded or downloaded based on their file name extension.
Applies to: SharePoint Foundation 2013 | SharePoint Server 2013
You can restrict file types from being uploaded or downloaded in SharePoint 2013. Each web application maintains a list of blocked file types that is based on file name extensions. For example, you can block files that have the .exe extension because those files can be run on the client computer and can contain malicious code.
By default, many file types are blocked, including file types that are treated as executable by Internet Explorer. Files whose names include braces (for example, filename.{doc}) are also blocked by default. If you add a file type of a file that exists in the site collection, a message informs you that the item already exists and you are prevented from entering the file type.
The following table shows the file types that are blocked by default and their corresponding file name extensions.
Table: File types blocked by default
| File name extension | File type |
|---|---|
| .ade | Microsoft Access project extension |
| .adp | Microsoft Access project |
| .app | Application file |
| .asa | ASP declarations file |
| .ashx | ASP.NET Web handler file. Web handlers are software modules that handle raw HTTP requests received by ASP.NET. |
| .asmx | ASP.NET Web Services source file |
| .asp | Active Server Pages |
| .bas | Microsoft Visual Basic class module |
| .bat | Batch file |
| .cdx | Compound index |
| .cer | Certificate file |
| .chm | Compiled HTML Help file |
| .class | Java class file |
| .cmd | Windows NT command script |
| .com | Microsoft MS-DOS program |
| .config | Configuration file |
| .cpl | Control Panel extension |
| .crt | Security certificate |
| .csh | Script file |
| .dll | Windows dynamic-link library |
| .exe | Program |
| .fxp | Microsoft Visual FoxPro compiled program |
| .hlp | Help file |
| .hta | HTML program |
| .htr | Script file |
| .htw | HTML document |
| .ida | Internet Information Services file |
| .idc | Internet database connector file |
| .idq | Internet data query file |
| .ins | Internet Naming Service |
| .isp | Internet Communication settings |
| .its | Internet Document Set file |
| .jse | JScript Encoded script file |
| .ksh | Korn Shell script file |
| .lnk | Shortcut |
| .mad | Shortcut |
| .maf | Shortcut |
| .mag | Shortcut |
| .mam | Shortcut |
| .maq | Shortcut |
| .mar | Shortcut |
| .mas | Microsoft Access stored procedure |
| .mat | Shortcut |
| .mau | Shortcut |
| .mav | Shortcut |
| .maw | Shortcut |
| .mda | Microsoft Access add-in program |
| .mdb | Microsoft Access program |
| .mde | Microsoft Access MDE database |
| .mdt | Microsoft Access data file |
| .mdw | Microsoft Access workgroup |
| .mdz | Microsoft Access wizard program |
| .msc | Microsoft Common Console document |
| .msh | Microsoft Agent script helper |
| .msh1 | Microsoft Agent script helper |
| .msh1xml | Microsoft Agent script helper |
| .msh2 | Microsoft Agent script helper |
| .msh2xml | Microsoft Agent script helper |
| .mshxml | Microsoft Agent script helper |
| .msi | Windows Installer package |
| .msp | Windows Installer update package file |
| .mst | Visual Test source files |
| .ops | Microsoft Office profile settings file |
| .pcd | Photo CD image or Microsoft Visual Test compiled script |
| .pif | Shortcut to MS-DOS program |
| .prf | System file |
| .prg | Program source file |
| .printer | Printer file |
| .pst | Microsoft Outlook personal folder file |
| .reg | Registration entries |
| .rem | ACT! database maintenance file |
| .scf | Windows Explorer command file |
| .scr | Screen saver |
| .sct | Script file |
| .shb | Windows shortcut |
| .shs | Shell Scrap object |
| .shtm | HTML file that contains server-side directives |
| .shtml | HTML file that contains server-side directives |
| .soap | Simple Object Access Protocol file |
| .stm | HTML file that contains server-side directives |
| .url | Uniform Resource Locator (Internet shortcut) |
| .vb | Microsoft Visual Basic Scripting Edition file |
| .vbe | VBScript Encoded Script file |
| .vbs | VBScript file |
| .ws | Windows Script file |
| .wsc | Windows Script Component |
| .wsf | Windows Script file |
| .wsh | Windows Script Host settings file |
 Important: |
|---|
| The steps in this article apply to both SharePoint Foundation 2013 and SharePoint Server 2013. |
Add or remove blocked file types
Use this procedure when you want to prohibit files of a specific type from being saved or retrieved from any web application on a server.
To add or remove blocked file types by using Central Administration
-
Verify that you have the following administrative credentials.
-
You must be a farm administrator on the server.
-
-
In Central Administration, click Security.
-
On the Security page, in the General Security section, click Define blocked file types.
-
On the Blocked File Types page, if you want to change the selected web application, on the Web Application menu, click Change Web Application. Use the Select Web Application page to select a web application.
-
Do one of the following:
-
To block an additional file type, scroll to the bottom of the Type each file name extension on a separate line text box, type the file name extension that you want to block, and then click OK.
Note: You do not have to type a file name extension in the list in alphabetical order. The next time that you open the list, the file name extension you added will be correctly sorted in alphabetical order.
-
To stop blocking a file type, select a file type from the list, press the Delete key, and then click OK.
-
Change History
| Date | Description |
|---|---|
| July 16, 2012 | Initial publication |
